NEWSPAPER 


SOFTWARE SALVOS 
The Navy and GAO take shots at each other over 


$1 billion in spending on ERP pilot projects. PAGE 6 
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Su eRT I Application service providers, 
eT many of which failed in the 
dot-com crash, are back for 
asecond act that has them playing new, 
more complex roles as “managed ser- 
vice providers.” But buyers need to tread 
carefully in this still-immature market. 
Stories begin on page 61. 
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computerworld. 
com/out- 
sourcing/ 
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BUYER’S MARKET 
ClOs need to keep competition alive between software 
vendors, says Bart Perkins. PAGE 58 
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‘CA Pushes Integration 
Strategy for Unicenter 


Upgrade widens internal connections, links to rival tools; 
users look to new capabilities to ease management tasks 





BY MATT HAMBLEN 
| Computer Associates Inter- 
national Inc. will announce a 


major upgrade of its systems 
management software at its 


| CA World user conference in 
| Las Vegas today, focusing on 


increased integration among 


| its Unicenter products and be- 
| tween them and rival tools. 


Unicenter already inte- 
grates with some management 
tools from other vendors. But 


Mark Barrenechea, executive 


Microsoft Has 
Big Plans for 


' SQL Server 


| Vendor tries to 


shake database’s 


low-end image | 


BY ERIC LAI 
SAN FRANCISCO 
SQL Server's roots as a prod- 
uct used by small companies 
and departments within larger 
enterprises have left the Micro- 
soft Corp. software with the 
tag of being the little database 
that couldn’t handle the data 
center needs of IT managers. 
With last week’s belated 
official release of SQL Server 
2005, Microsoft is trying to 
dispel that reputation once 
and for all. At its launch event 
here, Microsoft trotted out one 
SQL Server, page 16 


| last week that the 
| company will talk 


| link Unicenter to 





vice president of technology 


| strategy and chief technology 


architect at CA, said 


about ways to further 


soft Corp., Hewlett- 
Packard Co. and 
IBM’s Tivoli unit. 
“Not only will our [own] 
products be integrated, but 
they will also allow for an 


products from Micro- 


/ ee 
CA's integration 
| effort is more 
| than just marketing 
talk, says exec 
Mark Barrenechea. 
Page 78 


integration platform into 
your current environments so 
you don’t have to go 
through ‘rip and 
replace, ” Barrene- 
chea said. 

He confirmed that 
CA will announce 
Unicenter Release 
ll at the conference, 
along with new ver- 
| sions of its eTrust security 

software and BrightStor stor- 

CA, page 78 


IT Execs Seek Cohesive 


Data Storage Policies 


Tools, management support are lacking 





BY LUCAS MEARIAN 

LAS VEGAS 

Despite advances in tiered 
storage technology, many IT 
managers say they have no 
idea of the value of their com- 
panies’ data and can’t 
manage it in any auto- 
mated way. 

For example, Laura 
Fucci, chief technology 
officer at the Las Vegas- 
based MGM Mirage 
hotel and casino chain, 
said her department has 
implemented a tiered storage 
infrastructure for its 1I80TB of 
data. Nevertheless, the com- 
pany is still trying to better 
manage its storage, she said. 

Fucci was among several 


Visit our Web 
site for more 


on storage 


computerworld. 
com/storage 


speakers at the Storage Deci- 
| sions 2005 conference who 
| were here last week to talk 
about information life-cycle 
management and tiered storage. 
“One problem we have at 
MGM Mirage is we 
don’t have a storage 
[management] policy. 
We're going to tackle 
that next year,” Fucci 
said. She noted that 
the company must also 
develop a policy for 
handling sensitive data, such 
as credit card numbers. “The 
lawyers are compiling that in- 
formation now,” Fucci said. 
MGM Mirage is in the proc- 
ess of implementing Symantec 
| Storage, page 78 
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NEWS 


The avian flu threat prompts 
calls for IT managers to plan 
for workforce disruptions. 


The U.S. Navy has wasted $1 bil- 
lion on four failed ERP pilot 
projects, according to the GAO. 


The Pentagon works with a 

private-sector consortium to 
improve its ability to adopt new 
technologies. 


1 New software from Business 
Objects overcomes its prede- 
cessor’s shortcomings, say users. 


1 A breach-notification bill that 
critics say isn’t tough enough 
advances in Congress. 
Global Dispatches: Tata Con- 


14 sultancy Services expands its 
Latin American operations. 


16 Q&A: Microsoft CEO Steve 
Ballmer says the release of 
SQL Server 2005 should overcome 
reluctance to use the database to 
support enterprise-class apps. 


8 Q&A: SAP’s CEO talks about the 


changing ERP business. 


1 The FAA installs a system to 
monitor and analyze security 
data from multiple devices. 


ONLINE 


ONLINE DEPARTMENTS 
Breaking News 
computerworld.com/news 





Newsletter Subscriptions 
computerworld.com/newsletters 


Knowledge Centers 
computerworld.com/topics 





Online Store 
computerworld.com/store 


Data Detectives 

In the Technology section: IT managers such as 
Phillip Murray, departmental systems admin- 
istrator at McCarron International Airport in 
Las Vegas, are using database monitoring and 


auditing software to make sure they’re aware of 


any suspicious data transactions. Page 29 


OPINIONS 


On the Mark: Mark Hall reports 

on a study that found that the 
direct and indirect expenses for 
companies that have suffered 
breaches of customer data can 


reach well into the millions. 

? Don Tennant says the same 
determination to improve 
people’s lives through better com- 

munication has now yielded an 
unprecedented initiative to study 
and share information about the 


human brain. 

? Michael H. Hugos likens the 
orkings of IT to the two 

great musical traditions of his 


hometown of Chicago. 

4 Curt A. Monash believes 
memory-centric data manage- 

ment is coming into its own 

because it’s fast and cheap com- 


pared with other technologies. 
A Bart Perkins thinks it’s time 
to look beyond the benefits 
of software standardization to 
some of the troubling long-term 


ramifications. 
8 Frankly Speaking: Frank Hayes 
sees in Sony’s disastrous at- 
tempt to clamp down on digital 
piracy a need for a devil’s advo- 
cate who can see through those 
kinds of flawed projects before 
they become a big problem. 


DEPARTMENTS/RESOURCES 
At Deadline Briefs 

News Briefs 

Letters ; 

IT Careers 

Company Index 

How to Contact CW 


Shark Tank 
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Beyond the Water Cooler 

In the Management section: Attorney and 
IT Mentor John P. Hutchins takes a closer 
look at some of the known 
known — legal issues around corporate 


blogging. Page 45 


and lesser 


Ready for Hosting? It’s cheaper than 

a full-time worker and provides 
coverage beyond the 9-to-5 workday. 
But the managed service provider 
model is not a one-size-fits-all solution. 





ASPs, Take Two 
Editor’s Note: Nine out of 10 
application service provid 
ers bombed in the dot 
com crash, but 
now they’re 
back with new 
buzzwords and 
new capabilities. Here’s a 
guide to the pros and cons. 
Package begins on page 61. 


MSPs: The New Hosts. Users such 

as Black & Veatch’s Michael Lamb 
prefer next- 
generation service 
providers — MSPs 
— which they say 
spiff up the tradi- 
tional application 
service provider 
model with cus- 
tomization, engi- 
neering, security 
and maintenance. 


Data Diligence. The best 

line of defense against 
security and privacy prob- 
lems in an MSP agreement 
is to hire a lawyer. 


Five Questions for Your MSP. Here 

are some tips for negotiating a con- 
tract with a managed service provider 
and ensuring IT’s involvement. 


Opinion. Value-added resellers had 

better shift to the new MSP model 
of doing business, or they may not be in 
business much longer, warns columnist 
Mark Hall. 


The following stories can be found online at computerworld.com/outsourcing/report: 


LEGAL POINTERS. Lawyers : of application service 
providers and trends in 
the ASP industry, ranging 
from offshoring to vertical 
market penetration. 


from around the country 
weigh in with tips for 
client companies 

on negotiating and 
maintaining agreements 
with managed service 
providers. 


WEBCAST. There’s a new 
set of terms that describe 
companies known as 
ASPs. This webcast looks 
at the various flavors 


CORR eee eeeeseeeeeeeeeeEeeeeeseeS 


DATA POINTS. Download 
these PowerPoint 
slides with statistics on 
outsourcing for your next 
presentation. 


EXECUTIVE BRIEFING. 
Read about the common 


issues that IT managers 
will encounter when 
planning outsourced 
technology projects, 
ranging from evaluating 
service providers to exiting 


| 


COMPUTER COUNSEL. 
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reviews six issues that 
outsourcing providers 
need to tackle in order to 
maintain flexibility. 
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SUSE Linux Founder 
Leaves Novell 


Hubert Mantel, one of the found- 
ers of the SUSE Linux project, 
has resigned from Novell Inc. 
SUSE Linux AG was acquired 

by Novell in January 2004. 
Mantel was one of four founders 
of SUSE, a German consulting 
group that focused on creating a 
packaged version of Linux. Ear- 
lier this month, Novell restruc- 
tured its operations with a plan 
to focus on high-growth markets 
like Linux. 


U.S. Awards Health 
Care Network Pacts 


The U.S. Department of Health 
and Human Services has award- 
ed contracts totaling $18.6 mil- 
lion to four groups of health care 
and IT companies to develop 
prototypes for the Nationwide 
Health information Network 
architecture. The groups, led by 
Accenture Ltd., IBM, Computer 
Sciences Corp. and Northrop 
Grumman Corp., will develop 

an architecture and a prototype 
network for secure information 
sharing among health care 
organizations. 


Dell Results Fall 
Short of Projections 


Dell inc. reported that third- 
quarter revenue and earnings 
came in short of the company’s 
original expectations, as it had 
warned a week earlier. 


fe) tm =) eee eae) 
¢ elas 


03 06 Si 

Q3 05 RY sr te 
Microsoft Offers Aid 
Online for Licensing 
Microsoft Corp. today will unveil 
an online adviser to provide 
customers with product licens- 
ing details. Next spring, Micro- 
soft will add data to the Product 
Licensing Advisor Web site, 
including information on product 
use rights, Software Assurance 
Program benefits and other 
information to help customers 
choose from its array of license 
options. 


NEWS | 


Bird Flu Prompts Calls for 
IT to Plan for Disruptions 


Staff shortages 
feared if major 
outbreak occurs 


BY PATRICK THIBODEAU 
HE AVIAN flu has 
been spreading slow- 
ly, with bird infec- 
tions reported from 
Southeast Asia to Siberia and 
a growing number of people 
dying from the illness. But 
although the threat of a major 
outbreak is raising alarms 
among governments, it doesn’t 
appear to be doing so for many 
IT managers. 

For instance, Stephen Pick- 
ett, CIO at Bloomfield Hills, 
Mich.-based Penske Corp. and 
president-elect of the Chicago- 
based Society for Information 


» Management, attended a con- 


ference in Detroit last week 
with about 280 other IT execu- 
tives. No one at the conference 
mentioned the bird flu threat, 
according to Pickett. 

“The subject never came 
up, even though we were 
discussing various elements 


* of disaster recovery,” Pickett 


said. That may be because 


companies think their disaster 


recovery plans, in the after- 
math of 9/11, already cover 
the possibility of significant 





employee losses and an inabil- 
ity to communicate, he noted. 
But he also said it’s possible 
that the flu’s potential impact 
hasn't been considered inside 
corporate IT departments. 


Pandemic Predictions 

If the avian flu does morph 
into a pandemic, it will be dis- 
ruptive. That was made clear 
in a report issued this month 
by the U.S. Health and Human 
Services Department, which 
said a pandemic would likely 
attack about 30% of the over- 
all population and about 20% 
of working adults. The agency 
said the mortality rate would 
depend on the flu’s virulence. 

“Companies do need to 
think about it, from the board- 
room on down,” said Roberta 
Witty, an analyst at Gartner 
Inc., which is preparing a 
scenario guide for corporate 
executives. 

Witty said that business and 
IT managers have to make 
plans to deal with a flu out- 
break. “I can’t frankly say that 
anyone is prepared,” she add- 
ed. “I don’t think anyone has 
dealt with this kind of issue.” 

A pandemic could leave IT 
operations short of staff, espe- 
cially if schools are closed or 
the federal government impos- 





A bird in Jakarta, Indonesia, gets 
NEM rim ue R ite 


es quarantines. If a company 
is running multiple shifts and 
an IT worker on one becomes 
infected, “you could lose an 
entire shift,” Witty noted. 
Computerworld reached a 
half-dozen CIOs last week to 
ask if they’re concerned about 
the possible impact of the 
avian flu on operations both 
overseas and in the U.S. Some 
declined to discuss the issue. 
But others took both sides. 
“We should be thinking about 
this, and I will be talking to 








www.computerworld.com 


my [disaster recovery] people 
this week,” the CIO of a large 
university wrote via e-mail. 
“It is not on our radar,” said 
an IT executive at a building 
products firm, also via e-mail. 


“All of our operations and em- 


ployees are U.S.-based, and 
we haven't discussed it in our 
company — yet.” 

Businesses should plan for 
a potential disruption of up 
to six weeks, the approximate 
length of the avian flu’s ex- 
pected first wave, said Robert 
Gleeson, a doctor and medical 
director at The Northwestern 
Mutual Life Insurance Co. in 
Milwaukee. And if the flu does 
spread worldwide, companies 
might have limited options 
for moving work to different 
regions. “There may not be 
people who can come to your 
rescue,” Gleeson said. 

Among the things compa- 
nies can do is develop work- 
at-home and remote IT man- 
agement capabilities, set up 
teleconferencing systems and 
review their internal emergen- 
cy notification procedures. 

At Children’s Hospital 
Boston, for instance, “most of 
our key IT staff have the abil- 
ity to perform management 
tasks remotely from outside 
of the hospital,” said Daniel 
Nigrin, CIO and senior vice 
president of information ser- 
vices at Children’s. “So even 
if they cannot physically get 
into work, they can deal with 
issues from wherever they 
might be.” » 





IBM Unveils Midrange NAS Arrays 


Second product 


- line to come from 
- deal with NetApp 


BY LUCAS MEARIAN 

IBM last week brought out a 
line of midrange storage ar- 
rays that offer network- 
attached storage capabilities 


; and can transfer data via 
* Fibre Channel and the IP- 


based Internet SCSI protocol. 
The new IBM System Stor- 

age N5000 series is aimed at 

remote offices or enterprises 





with distributed environments. 
The systems can be configured 
for disk-to-disk backup or ar- 
chiving with write-once, read- 
many capabilities. 

The new systems are manu- 
factured by Network Appli- 
ance Inc. as the FAS3020 and 
FAS3050 systems and are 
resold by IBM under an agree- 
ment signed in April. In Sep- 
tember, IBM introduced the 
3700 NAS array, a rebranded 
NetApp FAS270 file server. 

NetApp user Steve Rolph, a 
storage and recovery expert at 





Sprint Nextel Corp. in Reston, 
Va., said he believes IBM’s re- 
lationship with NetApp could 
help him take advantage of its 
larger service organization, 
which can work with an entire 
infrastructure rather than 

just a single array. “Any new 
[NAS] purchases will be done 
through IBM,” he said. 


Moving to HP 

On the other hand, Brad 
Slaven, a systems administra- 
tor at Northwest Natural Gas 
Co. in Portland, Ore., said he 





won't be swayed by the IBM 
logo on the iSCSI systems. He 
said his company will likely 
turn to rival Hewlett-Packard 
Co. for the technology over the 
next few years because HP 
offers better low-end pricing. 

Dave Reine, an analyst at 
The Clipper Group Inc. in 
Wellesley, Mass., predicted 
that IBM’s service offerings 
will boost sales of the NetApp 
technology. 

The new IBM System Stor- 
age N5200 and N5500 prod- 
ucts will be available Dec. 9 in 
single and dual storage con- 
troller models. The N5200 will 
be priced from $60,000 and 
the N5500 from $85,000. » 
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NEWS 


GAO Says Navy Sank $1B Into 
Four Failed ERP Pilot Projects 


Military branch 
disagrees with 
report’s findings 


BY MARC L. SONGINI 
IE U.S. NAVY has 
wasted $1 billion 
since 1998 on four 
flawed ERP pilot 
projects based on SAP soft- 
ware, according to the Gov- 
ernment Accountability Office. 

The GAO said in a Septem- 
ber report to Congress that the 
installations were redundant 
and incompatible and that they 
failed to meet Navy require- 
ments because of their limited 
scope. “In short, the efforts 
were failures, and $1 billion 
was largely wasted,” the GAO 
report concluded. 

The Navy is now in the 
midst of an $800 million proj- 
ect to consolidate the pilot 
efforts and create a mammoth 
ERP system that is slated to 
go live in 2011. That project, 


Private Consortium na 
Advise DOD on Its IT 


BY PATRICK THIBODEAU 

In an effort to improve its 
ability to adopt new technolo- 
gies, the U.S. Department of 
Defense has turned to a DOD- 
funded consortium to help it 
develop a business process to 
better tackle IT problems. 

The effort is being spear- 
headed by the World Wide 
Consortium for the Grid, or 
W2COG, a private organiza- 
tion operating on a $1.7 million 
budget funded by the Defense 
Department. 

The W2COG aims to help 
defense and intelligence agen- 
cies meet broad, operational 
goals by using so-called net- 
centric collaborative efforts 
by private-sector firms and 
others to solve technology 
problems. The organization 
includes technical personnel 
from government, industry 
and academia. 








started two years ago, is also 
in jeopardy unless best prac- 
tices are adopted and followed, 
the GAO report said. 

The Navy vigorously dis- 
agrees with the GAO’s conclu- 
sions, said Capt. Tim Hollande, 
deputy director of Navy ERP 
programming. “Both the [U.S. 
Department of Defense] and 
the Department of the Navy 
are quite happy with how the 
pilots have gone,” Hollande 
said. “We’ve gotten a tremen- 
dous amount of knowledge in 
how to do an enterprise solu- 
tion in a military environment.” 

Hollande said that prior 
to the pilot projects, Navy of- 
ficials were uncertain whether 
such implementations were 
feasible. Now, he said, the 
Navy is confident that it can 
do them. “We think we got a 
lot of value,” Hollande said. 

The pilot implementations 
involved separate Navy sys- 
tem commands and a number 


! of systems integrators, in- 


ed to 
orts 


As the military reshapes its 
IT infrastructure to make it 
more integrated and respon- 
sive, the model developed 
by W2COG can be used to 
quickly solicit new ideas, spur 
collaboration and improve 
responsiveness, said U.S. Air 
Force Maj. Angela Burth. 

Burth is assigned to a de- 
fense command that works 
with various branches of the 
military to develop solutions 
to technology problems. One 
key problem the military faces 
is accessing technology that’s 
being developed in the private 
sector, said Burth. “We know 
the technology and capability 
is out there,” she added. 

Chris Gunderson, executive 
director of the Reston, Va.- 
based W2COG, said his org- 
anization will help by posting 
online the IT problems the 
government wants to solve 








Naval Participants 


The following Naval commands 
will use the new SAP-based 
ERP system: 

@ Naval Supply Systems 


® The Space and Naval 
Wartare Systems Command 


®@ Naval Sea Systems 
Command 
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© Naval Air Systems 
Command (NAVAIR) 


cluding IBM, Electronic Data 
Systems Corp. and Deloitte & 
Touche LLP. 

The pilot projects were in- 
tended to help modernize the 
Navy’s acquisition and finan- 
cial management, supply chain 
and other operations. One sys- 
tem was retired after it served 
its educational purposes, while 
the others continue to have 
limited deployment, Hollande 


and encouraging its members 
to collaborate on potential 
solutions. “We're interested in 
learning about business cul- 
ture even more than about the 
technology,” he said. 

Gunderson noted that many 
private-sector companies have 
figured out how to best find 
collaborators across the globe, 
teaming up “very quickly and 
loosely” to address needs. But 
the military has been known 
to take up to 10 years to adopt 
technologies already used in 
the private sector, he said. 


Communications Project 
The W2COG, which marked 
its first anniversary last month, 
has already used its collabora- 
tion process to help develop 
new ways to deliver emergen- 
cy communications in disaster- 
stricken areas. 

In that project, a vendor col- 
laboration effort used off-the- 
shelf technology to create a 
mobile Internet service to help 
emergency workers in parts 








said. The pilot systems still in 
use will ultimately be retired 
in favor of the single SAP 
system, a project now under 
way that will incorporate the 
best-of-breed functions from 
the pilots. 

Once it goes live, the con- 
verged application will oper- 
ate in a single data center 
designed for easy upgrades 
and cost-effectiveness, said 
Hollande. The new system 
will support some 90,000 
users globally and extend to 
nearly every facet of Naval 
operations. It will replace 280 
legacy mainframe and mini- 
computer-based applications, 
some of which are 20 years 
old, Hollande said. 

Still, the GAO said the over- 
arching ERP system won’t pro- 
vide an “all-inclusive, end-to- 
end corporate solution for the 
Navy,” noting that it faces sev- 
eral risks and doesn’t include 
aviation and shipyard opera- 
tions. The GAO also said the 
Navy must craft 44 separate 
software interfaces with other 
Navy and Defense Department 
systems and convert data for 
use in the new software. 

As a result, the report calls 


of the Gulf Coast that were 
hit hard by Hurricane Katrina. 
The need for a mobile, “hastily 
formed network” that could 
provide Internet connectiv- 
ity and collaboration tools in 
disaster zones was presented 
as a problem to the 40 vendors 
participating in the W2COG. 
The companies working to- 
gether on the project included 
Rajant Corp., a maker of wire- 
less networks; Cisco Systems 
Inc.; Redline Communications 
Inc., a wireless equipment 
maker; Tachyon Networks Inc., 


© We're inter- 
= © ested in learn- 
ing about business 
culture even more 
than about the 
technology. 
CHRIS GUNDERSON, 


EXECUTIVE DIRECTOR, WORLD 
WIDE CONSORTIUM FOR THE GRID 
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on the Navy to create metrics 
to assess project performance 
and risks. There must also be 
independent oversight to veri- 
fy and validate system perfor- 
mance and provide the Navy 
with unbiased reports. Semi- 
annual reviews of the program 
should also be implemented, 
the GAO report said. 

Overall, the Navy agreed 
with the recommendations 
and is already carrying out 
some of them, according to 
Hollande. He said the Navy 
completed its first validation 
with SAP AG in September. 
It’s also in discussions with 
shipyard and aviation opera- 
tions officials to ensure that 
they are eventually included 
in the system, he said. 

“Trying to implement ERP 
on the scale required by the U.S. 
Navy is... orders of magnitude 
harder and more expensive than 
the largest of corporate giants 
would encounter,” said Michael 
Taffe, an analyst at Boston- 
based AMR Research Inc. 

For its part, in a statement, 
SAP contended that the pilot 
projects “prove” that off-the- 
shelf software is a viable ERP 
solution for the Navy.» 


a satellite network provider; 
Skype Technologies SA; and 
Microsoft Corp. 

Though the military needs 
the private sector’s help in 
some areas of IT, in other ways 
it’s far ahead of corporate or- 
ganizations. For example, the 
Defense Advanced Research 
Projects Agency, which has a 
budget of about $2 billion, built 
some of the technology that 
underpins the Internet. 

“Arguably, the IT world is 
moving a little faster than the 
military can anticipate,” said 
Ray Bjorklund, an analyst 
at Federal Sources Inc. in 
McLean, Va. The government 
is often tied down by lengthy 
budget cycles that require two 
to three years of planning. 

Bjorklund said he sees the 
W2COG effort as being similar 
to open-source initiatives that 
focus on developer integration. 

“If this consortium is a way of 
jump-starting collaboration 
among industries, then great 

— it’s a great tool,” he said.» 
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From mainframes to servers, notebooks, 
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Juniper Hires Former 


ISS Researcher 
Former Internet Security Sys- 
tems Inc. researcher Michael 
Lynn has landed at networking 
vendor Juniper Networks Inc. 
Sunnyvale, Calif.-based Juniper 
confirmed Lynn’s hiring for the 
undisclosed job just months after 
he created an international stir 
at July’s Black Hat USA confer- 
ence by disclosing information 
about security weaknesses in 
Cisco Systems Inc. routers. Lynn 
was forced to quit his ISS job in 
order to give the presentation. 


investment Firm to 
Acquire CRM Vendor 


Investment firm Francisco Part- 
ners Management LLC in Menlo 
Park, Calif., has agreed to ac- 
quire all of CRM software maker 
FrontRange Ltd.’s outstanding 
shares. South Africa-based Front- 
Range valued the deal, expected 
to close within 90 days, at about 
$200 million. Under its new 
ownership, FrontRange plans to 
continue seeking growth in the 
midmarket, said CEO Michael 
McCloskey. 


Former Oracle Exec 
Named Liberty CEO 
Greg Maffei, whose resignation 
as Oracle Corp.’s chief financial 
officer was disclosed earlier this 
month, will soon become the 
CEO of Liberty Media Corp., an 
Englewood, Colo.-based invest- 
ment company. The longtime 
Microsoft Corp. executive was 
CEO of 360networks Corp. in 
Seattle for five years before join- 
ing Oracle. 


CEO Pledges More 
Palm OS Products 
Palm Inc. President and CEO Ed 
Colligan has penned a letter to 
Palm’s developer community 
promising to continue releasing 
Palm OS personal digital assis- 
tants and smart phones. There 
has been unrest among Palm 
developers over fears that the 
company’s forthcoming Win- 
dows Mobile-based Treo smart 
phone indicated waning support 
for Palm OS. 
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ON THE MARK 


NEWS 


Price of Security 
Breaches... . 


. .. reaches nearly $14 million per incident. That’s ac- 
cording to a study conducted by Ponemon Institute 
LLC for PGP Corp., a security software vendor in Palo 
Alto, Calif. Just another vendor-sponsored report slant- 
ed to back up breathless marketing claims? Perhaps. 


But Larry Ponemon, 
chairman of his 
namesake institute, 
got a firsthand look 
at 14 companies that 
made the news this 
year for losing cus- 
tomer data. Ponemon 
did individual audits 
to learn the direct costs borne 
by the affected companies 
(such as attorneys’ fees and 
the cost of mailings and calls 
to affected customers), plus 
indirect expenses like lost 
productivity and opportunity 
costs (such as the long-term 
revenue hit from customers 
taking their business else- 
where). Andrew Krcik, PGP’s 
marketing vice president, 
says he understands that 
people may quibble about the 
details of the indirect expens- 
es, but he adds that the $69.8 
million in direct costs paid 

by the 14 surveyed companies 
ought to be a wake-up call. As 
a marketer, Krcik thinks the 
most worrisome finding from 
the study was that the partici- 
pating companies lost 2.6% 
of their customers on average 
after suffering data breaches. 


SER) 


Be) emeess Cull accte| 
by 14 companies 
that lost cus- 
tomer data, says 
Ponemon Institute. 





“Do you know how 
expensive it is to ac- 
quire new custom- 
ers?” he asks. “A lot.” 


Control scary 


protocols . . . 
«+. On your network 
via software running 
on an appliance. CipherTrust 
Inc. is releasing software 
called IronNet that runs on 
its IronMail appliance and is 
designed to manage HTTP, 
peer-to-peer and voice- 
over-IP protocols, says Jay 
Chaudry, CEO of the 
Alpharetta, Ga.-based 
company. Now you can 
use CipherTrust’s man- 
agement console to de- 
fine policies for e-mail 
and instant messaging 
plus services sup- 
ported by the added 
protocols, Chaudry 
says. IronNet costs $5,995 and 
is due early next year. 


Restrict PC software 


to improve... 

. «network security while lower- 
ing IT costs. According to Jef- 
frey Hibbard, vice president 


Chaud 
ei 


~ work. Keith Feingold, 


Nasal 


otocols 
under control. 


of marketing at Ardence Inc., 
the Waltham, Mass.-based 
company’s On-Demand Soft- 
ware pushes software images 
to desktop PCs after end us- 
ers log on. Hibbard says the 
images are based on profiles, 
so only authorized users can 
run applications. Across the 
pond in London, Steve Peskin, 
co-CEO of Propero Inc., simi- 
larly argues that managing 
PCs is often overly complex 
and always too costly. Prope- 
ro sells software called Work- 
Space Desktop Virtualization 
that centralizes applications 
on servers and virtualizes 
them on desktops. There are 
drawbacks to each vendor’s 
approach. For example, Hib- 
bard acknowledges the 
challenge of controlling ap- 
plications on laptops, which 
can’t boot software images 
when they’re untethered from 
a network. And Peskin says 
that most of Microsoft Corp.'s 
software still needs to be resi- 
dent on machines. “We don’t 
completely solve the problem,” 
he refreshingly admits. “But 
we go a long way toward it.” 


a a corporate 
vocabulary .. . 


. improves application de- 
velopment by simplifying what 
should already be simple. Inside 
businesses, a customer isn’t 
always who he seems to be. 
For the accountants, it may 
be whoever pays invoices; 
for field-service tech- 
nicians, it may be the 
manager of a plant 
where they do repair 





CEO of Contivo Inc. 

in Mountain View, 

Calif., thinks that the 

manifold definitions of 

common terms inside 
companies can be trouble- 
some for software developers. 
What they need is a reposi- 
tory for corporate vocabulary, 
he says. Feingold’s company 
next month will release a 
desktop version of Contivo 

| Builder, software that stores 


a) 





www.computerworld.com 


HOT TECHNOLOGY TRENDS, NEW PRODUCT 
NEWS AND INDUSTRY BUZZ BY MARK HALL 


definitions of 
terms and the 
application 
requirements 
associated with 
them in XML 
for easy export. 
The desktop 
software costs 
$499, A server 
version is due next year. 


Linux cluster on 


wheels rolls out . . . 

.. With up to 24 dual-core blade 
servers. At a supercomputing 
conference in Seattle this 
week, Penguin Computing 
Inc. will show off a prototype 
mobile cluster that runs Linux 
and can be configured with 
up to 96GB of RAM and more 
than 2.6TB of storage. The 
clustered blades are linked 
via Gigabit Ethernet, says 
Steve Joachims, vice president 
of marketing and business 
development at San Francisco- 
based Penguin. According to 
Joachims, Linux is designed 
specifically for clusters. He 
notes that you can run the 
blades in diskless mode and 
that the Linux kernel is tuned 
to leave more RAM open for 
running applications. Putting 
the cluster on casters makes it 
ideal for developers who need 
to test applications in a lab, 
then move the system back to 
an office for more debugging. 
It should ship in the first quar- 
ter; pricing will start at about 
$25,000. » 


ait 
Ce melts 

OT meels eel 
vocabulary. 


| Penguin's “mobile” Linux cluster. 








With Sybase® software, Nielsen Media Research enables customers 
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Users Say New Business Objects 
‘Tool Overcomes XI Problems 


Earlier version 
was lacking key 
features, some say 


BY HEATHER HAVENSTEIN 
ORLANDO 
OME USERS who passed 
on the business in- 
telligence tools that 
Business Objects SA 
unveiled early this year are 
planning to move to the next 
release because it promises to 
ease administrative burdens 
and forge closer ties between 
ERP data and spreadsheets. 
The first version of the 
Business Objects XI platform, 
which integrates BI software 
with the reporting tools the 
company acquired from Crys- 
tal Decisions, began shipping 
late last year. 
Some organizations opted 
to wait for Release 2 because 
the first one lacked support for 


| full-client query and analysis, 
| according to some users at the 
| company’s Insight Internation- 
al User Conference here. 

Release 2 is slated to begin 
shipping before the end of the 
month. 

James Young, senior man- 
ager for enterprise business in- 
telligence at Allstate Insurance 
Co. in Northbrook, I11., said the 
insurer plans to begin shifting 
from Business Objects 6.5 to 


quarter of next year. With Ver- 
sion 6.5, the company moved to 
standardize on San Jose-based 

Business Object’s Web-based 


| query and analysis tools. 


“We've been waiting on full 
client integration ...to put 
everything on a single server,” 
Young noted. 

Release 2 will also allow All- 
state to combine server main- 
tenance and load-testing ad- 
ministration teams, he added. 





DHS Questions Security 
Of FEMA Database 


Agency says 
improvements 
are under way 


BY LINDA ROSENCRANCE 

The Federal Emergency Man- 
agement Agency is not ad- 
equately protecting sensitive 
data in its National Emergency 
Management Information 
System (NEMIS), according to 
a report released last week by 
the U.S. Department of Home- 
land Security. 

FEMA, the agency that 
came under fire for its slow 
response to Hurricane Katrina 
in late August, is part of the 
DHS’s Emergency Prepared- 
ness and Response (EP&R) 
Directorate. 

Since the agency received 
the report from DHS Inspector 
General Robert Skinner in ear- 


ly August, it has developed and 
maintained many essential 
security controls for NEMIS, 
but much more work needs to 
be done, the report said. 

Specifically, the report said 
that FEMA must implement 
effective procedures for grant- 
ing, monitoring and removing 
user access to the data. The 
agency must also improve staff 
contingency training and test- 
ing, Skinner said. 

In addition, the report cited 
vulnerabilities on NEMIS 
servers related to access rights 
and password administration 
that must be fixed. 

NEMIS, which tracks poten- 
tial disasters and coordinates 
response operations, is used 
by individuals and small busi- 
nesses to apply for federal as- 
sistance. It also processes re- 
quests from states for funding 





XI Release 2 during the second | 








The Clarks Companies NA, 
a Newton, Mass.-based foot- 
wear company, is just now in 
the final stages of rolling out 
Business Objects 6.5, the ver- 
sion before XI, said Stephen 
Katsirubas, vice president of 
information systems. 

Clarks plans to begin up- 
grading to XI Release 2 in the 
spring of 2006 because of its 
ability to manage full-client 
and Web-based tools on one 
server, Katsirubas said. In ad- 
dition, Release 2 will allow the 
company to integrate multiple 
data sources for Web-based 
query and analysis, he added. 

Clarks has between 300 and 
350 Business Objects 6.5 users 
and has launched a pilot proj- 
ect to add 500 users at its 170 
retail stores, Katsirubas said. 

T. Rowe Price Associates 
Inc. has been beta-testing XI 
Release 2 for the past two 
months. Kipton Barkley, proj- 


Protecting Data 


NEMIS database 


of hazard mitigation projects. 
“Due to these database secu- 
rity exposures, there is an in- 
creased risk that unauthorized 
individuals could gain access 
to critical EP&R database 
resources and compromise 
the confidentiality, integrity 
and availability of sensitive 
NEMIS data,” Skinner wrote in 
the report. “In addition, EP&R 
may not be able to recover 
NEMIS following a disaster.” 





Business Objects 
XI Release 2 


Highlights 


@ Platform-level support for 
full-client Business Objects 
querying and analysis. 

® Tools to automatically re- 
fresh Microsoft Office applica- 
tions with BI data. 

® An interface that lets users 
ask questions about business 
information. 

@ Areference guide to help 
users more quickly locate and 
interpret data. 

@ A tool to collect and unify Bi, 
ETL and third-party metadata. 


ect lead at the Baltimore-based 
company, said he plans to 
upgrade from Version 5.1 to 

XI Release 2 in the first half of 
next year for one of the com- 


The report called on FEMA 
to create adequate NEMIS user- 
access controls and urged it to 
implement an IT contingency 
training and testing program 
for the system. Skinner also 
said FEMA must develop cor- 
rective action plans to address 
vulnerabilities in NEMIS. 

In a formal response to the 
report, FEMA officials said 
that they agreed with the 
recommendations in the draft 
report received last summer 
and that they are moving to 
correct the deficiencies. But 
Skinner said FEMA has not yet 
offered a specific plan to ad- 
dress 56 deficiencies and noted 
that EP&R has still not fully 
aligned its security program 
with DHS’s overall policies, 
procedures or practices. 

“For example, security con- 
trols had not been tested in 
over a year; a contingency plan 
has not been tested; security 
control costs have not been 
integrated into the life cycle 
of the system; and system and 
database administrators have 


pany’s four projects that use 

Business Objects’ tools. 
Barkley said Release 2 will 

support reporting and analysis 


| for 2,000 users who access a 


repository of human resources 
and financial documents from 
ERP systems. 

In addition to full-client 
support, Barkley said the com- 
pany likes the new Live Office 
feature in Release 2, which in- 
tegrates with Microsoft Office 
to allow users to refresh Excel 
spreadsheets with data from 
transactional systems. 

A high percentage of users 
at T. Rowe Price run reports 
and download the results into 
Excel. Now, users could have 
the spreadsheets automatically 
updated, he added. 

Dan Vesset, an analyst at 
IDC, said many companies 
running older versions of 
Crystal Reports or Business 
Objects tools were concerned 
with server administration 
and management in the first 
release of XI. But those con- 
cerns have been addressed, 
and Business Objects has add- 
ed new user interface features 
like Live Office, he added. ? 


not obtained specialized secu- 
rity training,” Skinner wrote. 

The NEMIS database, which 
was implemented in 1998, was 
designed and developed by 
Fairfax, Va.-based systems 
integrator Anteon Corp., us- 
ing Oracle Corp.'s relational 
database management system, 
according to Anteon’s Web 
site. The vendor information 
was redacted from Skinner’s 
report. 

At that time, NEMIS re- 
placed FEMA's legacy system 
with an integrated client/ 
server architecture consist- 
ing of more than 31 networked 
| servers installed nationwide, 
according to Anteon. ® 


The title for Ed Hammersla, an 
executive at Trusted Computer 
Solutions Inc. in Herndon, Va., 
was listed incorrectly in last 
week's On the Mark column. 

+ Hammersla is the company’s 
!: chief operating officer. 








aes eUl NVA elt Meta ine) 
IRIN \VMlA MOU mare le se 


(Can you at least show a hint of panic?) 


When you need to upgrade your network security, it's nice to know you can count on CDW. Our account managers and 
product specialists can get you quick answers to questions. And with fast shipping and access to the industry's largest 
in-stock inventories, you can be sure to get the security solutions you need when you need them. So give us a call and find 
eres Url Rie) AN Mt CcMIMT-] 8) oman Roce (an ee Cy ues 7 





The Right Technology. Right Away. 


GD) Keene beet GB) 
In Canada, call 888.898.CDWC * CDW.ca 





2 COMPUTERWORLD November 14, 2005 


nla 
CA Sells Ingres in 
Streamlining Effort 


Computer Associates Interna- 
tional Inc. has agreed to sell 
majority ownership of its Ingres 
database technology to private 
equity firm Garnett & Helfrich 
Capital, which is forming a new 
company called Ingres Corp. to 
develop and market the open- 
source software. CA will retain 
a minority stake in Ingres and 
have a seat on its board Finan- 
cial terms of the deal weren't 
disclosed. CA said the Ingres 
sale was part of an effort to 
streamline its vast collection of 
acquired software. 


Cisco Reports Solid 
First-Quarter Sales 


Cisco Systems Inc. reported a 
revenue increase for the first 
quarter of its 2006 fiscal year 
but said its net income was re- 
duced by stock-option expenses. 


CISCO BY THE NUMBERS 


REVENUE + + # £éPROFIT 


Former Oracle Exec 
Named Borland CEO 


Borland Software Corp. has 
named Tod Nielsen CEO, replac- 
ing Dale Fuller, who resigned in 
July. Nielsen comes to Borland 
from Oracle Corp., where he was 
senior vice president of market- 
ing and global sales support. 
Before that, he spent 12 years 
in a variety of posts at Microsoft 
Corp., BEA Systems Inc. and 
Crossgain Inc. Fuller remains on 
Borland’s board of directors. 


Unisys Restates Q3, 
Adds $1.57B Charge 


Unisys Corp. has revised its 
previously announced financial 
results for the third quarter, 
adding a $1.57 billion noncash 
charge. The struggling vendor 
had previously reported a net 
loss of $54.3 million for the 
quarter, which ended Sept. 30. 
The loss now amounts to $1.63 
billion, said Unisys, which last 
month disclosed plans to cut 
3,600 workers from its staff. 
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Bill Requiring Notice of 
Breaches Goes Forward 


Critics say measure isn’t hard enough 
on companies that lose customer data 


BY JAIKUMAR VIJAYAN 
PROPOSED FEDERAI 
law that would re- 
quire companies to 
notify consumers of 

data breaches involving their 

confidential information is be- 
ing criticized by some security 
analysts as too ambiguous to 
be really effective. 

The Data Accountability 
and Trust Act, or DATA, was 
approved on Nov. 3 by a 13-8 
vote along party lines by a 
House of Representatives 
subcommittee that’s respon- 
sible for commerce, trade and 
consumer protection. A nearly 
identical bill is under consid- 
eration in the Senate. If it be- 
comes law, DATA would over- 
ride state mandates such as 
California’s SB 1386 Database 
Breach Notification Act. 

In addition to the notifica- 
tion requirements, the pro- 
posed bill would require in- 
formation brokers that collect 
and sell personal data to notify 
the Federal Trade Commis- 
sion about their plans for safe- 
guarding the information they 
maintain. They also would 
have to submit to periodic se- 





curity audits by the FTC in the 
event of a breach. 

While such a national law is 
needed, the biggest problem 
with DATA is that it would re- 
quire companies to inform con- 
sumers of data breaches only if 
they think there’s a significant 
risk of fraud, said Alan Paller, 
director of the SANS Institute, 
a security research and train- 
ing firm in Bethesda, Md. 

That would leave an open- 


| ing for many companies to 


avoid reporting breaches in- 
volving the loss of customer 
data, as they are required to do 
under some state laws, Paller 
said. “I believe that 98% of the 
time companies are not going 
to disclose breaches” if they 
aren’t required to, Paller said. 
“Only 2% are going to be good 
citizens. It will be the absolute 
decimation of the impact of 
the California bill.” 

What makes such a scenario 
likely is the fact that often it 
is next to impossible to link 
cases of identity theft and 
fraud back to a specific secu- 
rity breach, said Christopher 
Pierson, a lawyer at Lewis and 
Roca LLP in Phoenix. 





The Data 
And Trust Act 


@ Would require companies to 

notify individuals affected by 

security breaches if there is rea- 

son to believe that their personal 

information is at significant risk 
being used for fraud. 


agency for up to five years if they 
are hit by a breach. 


“By including this language 
about significant risk, the bill 
will leave it entirely up to the 
companies themselves” to 
decide whether to report a 
breach, Pierson said. 

Some companies would no 
doubt take advantage of the 
bill’s wording, conceded an 
internal financial analyst at a 
New York-based insurer. Even 
so, there is an overdue need 
for some sort of minimum 
threshold that would have to 
be crossed before companies 
are required to disclose secu- 
rity breaches, said the analyst, 
who requested anonymity. 

Disclosure laws such as 


SRR NC ih a TS 
Credit Reporting Firm Hit by Theft of Confidential Data 


TransUnion LLC, one of the three 
major credit-reporting companies, 
last week became the latest large 
business to report a security lapse 
involving the potential compromise 
of confidential customer data. 

The Chicago-based company dis- 
closed that a password-protected 
desktop PC containing Social Se- 
curity numbers and other personal 
information belonging to more than 
3,600 consumers was stolen from 
one of its sales offices in California 
last month. The theft prompted 
TransUnion to send notices to the 
people who were affected by the 
breach, informing them of the theft 


: and offering a year's worth of free 
: credit monitoring services. 
: — TransUnion also has been moni- 
: toring the credit reports of affected 
= consumers since the theft occurred, 
: the company said in a statement. 
: “At this point, we do not believe 
: there is any indication of any fraudu- 
lent activity,” it added. 

However, Prat Moghe, CEO 
of Tizor Systems Inc., a Maynard, 
Mass.-based vendor of activity au- 
: diting tools, said via e-mail that the 
breach could have a wider impact 
if information stored on the stolen 
PC enables whoever has it to ac- 
cess databases holding information 


eeeeeseeveses 


about people other than the initial 
set of victims. 

TransUnion maintains credit 
histories on consumers for use by 
lenders and other businesses. Its 
breach is the latest in a series of 
high-profile data compromises that 
have raised concerns about identity 
theft and prompted federal lawmak- 
ers to propose several IT security 
regulations. 

The company said that it notified 
local law enforcement authorities of 
the break-in and that it has assem- 
bled an internal team to investigate 
the incident. 

~ JAIKUMAR VIJAYAN 
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the one in California use a 
so-called acquisition standard 
that requires companies to no- 
tify consumers each time their 
data falls into the hands of an 
unauthorized person, he said. 
That sort of a trigger, he added, 
has resulted in an onslaught of 
notifications, creating “a ludi- 
crous situation” for companies. 

DATA also contains ambi- 
guities. For example, Pierson 
said that the bill, as proposed, 
doesn’t specify a time period 
within which a company must 
disclose a data breach to its 
customers. 

In addition, the bill speci- 
fies that companies must have 
policies and procedures for 
protecting consumer data but 
doesn’t explicitly call for any 
controls, said Arshad Noor, 
CEO of StrongAuth Inc., a 
compliance management ser- 
vices firm in Sunnyvale, Calif. 

As with most legisla- 
tion, DATA has good and 
bad elements, said Gartner 
Inc. analyst John Pescatore. 
Strengthening the FTC’s en- 
forcement capabilities would 
be a positive step, he said. And 
raising the bar for disclosing 
breaches isn’t automatically a 
bad thing, according to Pesca- 
tore. He seconded the idea that 
existing laws have produced 
a “disclosure overload,” with 
companies being forced to ad- 
mit to every security incident 
involving customer data. 

Despite his overall concerns 
about the bill, Pierson praised 
a provision that would exempt 
companies from reporting 
breaches if they have encrypt- 
ed sensitive data. The pro- 
posed law is also very explicit 
about the consumer notifica- 
tion process and what infor- 
mation needs to be included in 
such notices, he said. 

DATA, officially known 
as H.R. 4127, was authored 
by Rep. Cliff Stearns (R-Fla.), 
chairman of the subcommit- 
tee that approved the measure. 
The legislation next goes to 
the full House Energy and 
Commerce Committee for fur- 
ther consideration. » 


For full coverage of IT security, visit 
our Security Knowledge Center at 
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Tata Expands in Latin 
America Via BPO Buy 


BANGALORE, INDIA 

ATA CONSULTANCY Services Ltd. 
T last week acquired Comicrom, 

a business process outsourcing 
(BPO) vendor in Santiago, Chile, for 
$23 million. Mumbai, India-based TCS 
said it expects the move to strengthen 
its ability to win outsourcing deals in 
Latin America as well as other Spanish- 
speaking regions. 

Comicrom provides BPO and related 

IT services to banks, insurance compa- 
nies, pension funds, government bod- 
ies and other large users in Chile. The 
company will help TCS gain business 
from the Latin American operations 
of multinational companies and from 
customers in other countries where 
Spanish is the principal language, 
N. Chandrasekaran, head 
of global sales and opera- 
tions at TCS, told report- 
ers here last week. 

TCS, which also bought 
out Comicrom’s 49% 
share of an IT services 
joint venture set up by 
the two companies, al- 
ready operates software 
development centers in 
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Brazil and Uruguay. With the acquisi- 
tion of Comicrom and its 1,257 workers, 
TCS now has about 2,000 employees 
and more than 100 customers in Latin 
America. 

Comicrom had revenue of $35.5 mil- 
lion in its 2005 fiscai year but needs a 
significant infusion of funding to grow 
its operations beyond Chile, according 
to Chandrasekaran. 

@ JOHN RIBEIRO, IDG NEWS SERVICE 


intel Pentium M Chips 
Relabeled in China 


BEIJING 

ELABELED VERSIONS of Intel 
Corp.’s Pentium M mobile pro- 

cessors are being circulated in 
China by unauthorized distributors 
trying to pass them off as chips with 
better performance and higher prices. 
But Intel contended last 
week that the problem 
isn’t widespread. 

The relabeled proces- 
sors that have surfaced in 
China had been distrib- 
uted to computer makers 
as engineering samples 
and weren't intended to 
be sold to end users, said 
Jennifer Liu, an Intel 





spokeswoman in Beijing. 

After Intel became aware of the 
situation in China, it sent a reminder 
to hardware makers worldwide that 
sample chips aren’t meant to be resold, 
Liu said. She advised end users who are 
worried about buying systems based on 
relabeled chips to purchase computers 
only from reputable dealers. 
@ SUMNER LEMON, IDG NEWS SERVICE 


IBM Agrees to Buy IT 
Services Firm in India 


BANGALORE, INDIA 
BM LAST week said it has agreed to 
: buy Network Solutions Ltd., an IT 
services company based here. 

IBM said that after the acquisition 
is finalized, Network Solutions will 
become a wholly owned subsidiary. It 
didn’t disclose the terms of the deal, 
which is expected to be completed 
within a month. 

Network Solutions offers IT infra- 
structure management and network 
design services, and it installs con- 
verged data, voice and video networks. 
The privately held company has been 
profitable for the past 12 years, said 
managing director Sudhir Sarma, 
who added that Network Solutions’ 
current management team will 
remain in place after the acquisition 
is completed. 

@ JOHN RIBEIRO, IDG NEWS SERVICE 
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Briefly Noted 


Celtel International has awarded 
LM Ericsson Telephone Co. a 

$26 million contract to upgrade its 
GSM cellular networks in Kenya, 
Uganda and Tanzania. Hoofddorp, 
Netherlands-based Celtel operates 
mobile phone systems in 13 African 
countries. Stockholm-based Erics- 
son has started the upgrades in Tan- 
zania and Uganda and is scheduled 
to begin work in Kenya next month. 
@ MICHAEL MALAKATA, 

IDG NEWS SERVICE 

Sohu.com Inc., a Beijing-based 
Internet portal operator, last week 
said it has been named the official 
sponsor of Internet content services 
for the 2008 Olympic Summer 
Games. Sohu has built and will man- 
age and host the Web site for the 
Beijing Organizing Committee for 
the Games of the XXIX Olympiad. 

@ SUMNER LEMON, IDG NEWS SERVICE 
Achievo Corp. in Dublin, Calif., said 
it has acquired Advanced Network 
Services Group, a Tokyo-based 
provider of software development 
outsourcing services. ANS has 200 
workers in Tokyo and at facilities in 
Beijing, Shanghai and Dalian, China. 
The purchase price wasn't disclosed. 


Alliance Launches Effort to 
Link Authentication Tools 


BY JAIKUMAR VIJAYAN 
The Liberty Alliance Project, 
a consortium of companies 
that’s working on federated 
identity management stan- 
dards, last week announced 
the creation of a group that 
will focus on developing in- 
teroperability specifications 
for so-called strong authenti- 
cation tools. 

The Strong Authentication 
Expert Group (SAEG) includes 
American Express Co., Finan- 
cial Services Technology Con- 
sortium Inc. (FSTC), Oracle 
Corp., VeriSign Inc. and the 
Defense Manpower Data 
Center within the U.S. Depart- 
ment of Defense. 

Roger Sullivan, a Liberty Al- 
liance board member, said the 





new group will try to speed 
up the development of strong 
authentication interoperability 
standards, specifically for fed- 
erated networks where end us- 
ers can use one set of identity 
credentials to gain access to 
multiple network domains. 
But Sullivan, who is a vice 
president of business develop- 
ment at Oracle, added that 


“the principles of what we are 


discussing” could also be ap- 
plied in network environments 
that aren’t federated. 

For that reason, the initia- 
tive should be relevant to 
the retail banking industry, 
said Jim Salters, director of 
technology development and 
business initiatives at the New 
York-based FSTC. He noted 





that banks face a deadline of 
Dec. 31, 2006, for implement- 
ing stronger processes for au- 
thenticating online customers 
under guidelines issued last 
month by the Federal Finan- 
cial Institutions Examination 
Council. 

The SAEG’s Identity Strong 
Authentication Framework 
will be designed to enable 
technologies such as smart 
cards, tokens and biometric 
tools to interoperate across 
organizations, networks and 
vertical market segments. The 
first draft of the framework, 
which is referred to informally 
as ID-Safe, is expected to be 
completed by mid-2006. 

Meanwhile, the FSTC is 
developing its own set of 
guidelines and standards for 
improving mutual authentica- 
tion processes between banks 
and online customers. 

The blueprint for mutual 





Plans to 
develop an interoperability 
framework called ID-Safe. 
The first draft is scheduled 
for release by mid-2006. 


Is working on the 
SHUT e Tamm WiULCrel eC 
thentication, which is aimed 
at banks. Initial specifica- 
tions are due in Q1 of 2006. 


Is developing a 
Mali w- Laelia em (eg 
universal application of 
strong authentication tools. 


authentication is being devel- 
oped by a 25-member group, 
including representatives from 
eight of the top 10 banks in the 
U.S., Salters said. He added 
that the goal is to make it eas- 


ier for financial institutions to 
deploy strong authentication 
technologies and for consum- 
ers to adopt them. 

The process brings financial 
institutions together “to dis- 
cuss the commonalities that 
need to be in place for deploy- 
ing stronger authentication,” 
Salters said. 

An initial set of specifica- 
tions is due in next year’s first 
quarter. The FSTC will also 
create a list of the interopera- 
bility and technology features 
that the financial industry 
needs to work on or provide 
to IT vendors, Salters said. 

Another group working 
toward similar goals is the 
Initiative for Open Authenti- 
cation, or Oath, which has a 
membership made up largely 
of IT vendors. Oath is develop- 
ing interoperability standards 
and a reference architecture to 
foster the adoption of stronger 
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Continued from page 1 


SQL Server 


enterprise user after another 
who said they have already ad- 
opted SQL Server 2005 to han- 
dle their largest, most heavily 
accessed databases. 

For example, AIM Health- 
care Services Inc., a Franklin, 
Tenn.-based company that 
audits health claims and 
payment forms for insurers 
and hospitals, is running a 
OTB database on SQL Server 
2005. That’s the sixth-larg- 
est database used for online 


transaction processing (OLTP) | 
| part of the market last year. 
| But Microsoft’s overall market 


worldwide, according to a 
September ranking by Winter 
Corp. in Waltham, Mass. 

AIM migrated from a Unix- 
based Oracle database to SQL 
Server, which is installed on 
an IBM xSeries server with 
eight Intel processors. Adam 
Solesby, director of strategic 
development at AIM, said that 
SQL Server 2005 offers better 
features at a lower price than 
Oracle Corp.’s software does. 

“Our needs are focused 
around... managing the 
sheer volume of data we have,” 
Solesby said. He pointed to 
SQL Server 2005's scalability 
options as a key feature for 
his company, which plans 
to eventually support up to 
12,000 concurrent users on its 
database. 

Barnes & Noble Inc. is using 
a 3TB data warehouse run- 


Server 2005 to analyze the 


sales of its 7.3 million products. 


“The raw performance, as 
well as the price/performance 
ratio, was incredible,” said 
Chris Troia, CIO at the New 
York-based bookseller. 

Troia added that Barnes 
& Noble is increasing the 
amount of information stored 
in the data warehouse from 
three years’ worth of sales 
transactions to five. 


DEVE Lert acim) aes) P42 


Nasdaq Stock Market Inc. 
has replaced aging Tandem 


| mainframes that were used 


to disseminate market trade 


| data with a Windows-based 
| system that’s equipped with 


SQL Server 2005. The data- 


| base server can process 5,000 
| transactions per second and 

| 100,000 queries per day, and it 
| can handle 8 million new rows | 
| of data on a daily basis, said 
| Ken Richmond, vice president 
| of engineering at Nasdaq. 


Microsoft has long domi- 


| nated the low-end Windows 
| database market. According 
| to Gartner Inc., the company 


controlled exactly half of that 


share was about 20%, and it 


| hopes to use SQL Server 2005 
| to chip away at the high-end 


strongholds of Oracle’s 10g da- 


| tabase and IBM’s DB2. 


To try to attract enterprise 


| users, Microsoft is trumpeting 


a collection of high-perfor- 


| mance features in SQL Server 

| 2005, such as database parti- 
tioning, parallel index creation, 

| 64-bit processor support and, 

| by the middle of next year, da- 

| tabase mirroring. 


| Small Market Share 


But in a report issued earlier 
this year, Forrester Research 


| Inc. estimated that out of 


2,000 databases larger than 
ITB worldwide, only about 80 


| — or 4% of the total — ran SQL 
| Server, with the bulk of the 
ning on a 64-bit version of SQL | 


rest running Oracle or DB2. 
Philip Howard, a database 


| analyst at Bloor Research in 


Towcester, England, said Mi- 


| crosoft is making a strong case | 
| that SQL Server 2005 can scale |} 
| enough to handle enterprise- 
| class OLTP databases. But he 


added that he thinks Oracle, 


IBM and NCR Corp.'s Teradata | 


unit all continue to hold an 
edge over Microsoft for large 
data warehouses. 

“I see SQL Server chal- 


The largest SQL Server databases worldwide, as of September: 


User 
U.S. Postal Service 


SOURCE: WINTER 


Type 
Data warehouse 


NEWS 


| lenging Oracle in areas such 
as analysis services and data 
| marts, but for big data ware- 
| houses? No,” Howard said. 


A group director of database 


| management at an information 
provider to the pharmaceuti- 

| cal industry said it’s unlikely 
that his company will move 

| beyond its current strategy of 


SAN FRANCISCO 


last week said SQL Server 2005 
should eliminate any “last bit of 
hesitancy” that enterprise users 
may have about the database's 
ability to scale. Ballmer spoke with 
Computerworld at the 

launch of the SQL Server 
upgrade, Visual Studio 

2005 and BizTalk Server 

2006, discussing the new 
products and other topics. 
Excerpts follow: 


Many large companies 
have been hesitant 


ment? | think enterprises do take it 
seriously. The question is, can we 
eliminate all hesitancy with this set 
of releases? And if you take a look 





at the database benchmarks, at the 


app platform benchmarks, at the 
SAP benchmarks, at the customer 
references, | really do think we can 


change not only the reality with this 


set of releases, but | think we're in a 


position to change what I'll call the 
last bit of hesitancy in the percep- 
tion [of SQL Server's scalability], at 
feast relative to Unix. 


Versus Oracle, has it been a 
question of scalability, stability, 
features or something else? | 
would argue it's been a question of 


perception, not of any of the above. 


We hope to not only be better with 
this set of releases but to have 
people understand that we are bet- 
ter. And we'll see. 


You had a five-year cycle be- 


tween SQL Server releases. What 


did you learn from the experi- 
ence? Do you feel you lost some 


Microsoft Corp. CEO Steve Ballmer 


| using SQL Server only where it 
needs a cost-effective database. | 


The database management 
director, who asked not to be 
named, said he’s aware that 
there are some “major-league” 
data warehouses using SQL 


| Server. But Oracle “was there 
| first” and has more third-party | 
| tools supporting its databases, 


sales opportunities? | want to 
have more rapid releases, but man, 
we've been gaining market share 
this whole period of time. Now that 
we've got the new release, wooo 
baby. | think we're in a great spot. 

It was more important for us to 

get .Net integrated into 
the SQL runtime [than 
to ship the database 
sooner]. | do think we 
should have had the 
ability to release some 
of the other exciting fea- 
tures while we were still 
cooking and baking that. 
We batched everything 
up and therefore we 
did a very long release 
cycle. But if you take a 
look at the [business 
intelligence] stuff, there's this set of 
things that we could have brought to 
market on a shorter time frame. 

So I'm telling our teams, there's 
some stuff we're going to be doing 
that's coming on a six- and nine- 
month cycle, whether it's service 
packs or whatever. There’s going 
to be stuff that'll ship on a two-year 
cycle, and there's stuff that probably 
won't ship but [on] a four-year 
cycle, when it’s really big, hunky, 
thorny stuff. 


Some SQL Server users who 
signed three-year contracts 

for your Software Assurance 
program may not have gotten an 
upgrade before the contracts ex- 
pired. Is there any chance you'll 
guarantee a product release as 
part of a licensing deal? Certainly 
for our desktop products, people 
are anticipating a release. But - 
we're very clear. We're going to 
try to give a value proposition that 
doesn't have an upgrade commit- 
ment. There's all kinds of complex- 
ity - legal complexity, accounting 


www.computerworld.com 


he noted. In addition, Micro- 
soft is still playing catch-up 
on database partitioning and 
doesn’t have a grid computing 
option, he said. ® 


| Computerworld’s Carol Sliwa 


and Elizabeth Montalbano of 
the IDG News Service contrib- 
uted to this story. 


Ballmer Looks to Change Users’ Views of Database 


complexity - associated with that 
proposition, 

At the server level, the biggest 
part of the value proposition for 
Software Assurance frankly isn't the 
upgrade. If you really take a look, do 
most people go back and upgrade 
a legacy server application? The 
answer is no. But they do want to 
make sure that they have the kind 
of support, patching [and] fixing to 
keep that thing in production and up 
and running. 


The Enterprise Edition of Win- 
dows Vista will be available only 
to users who have Software As- 
surance. fs it possible that you'll 
change your mind about that? 
No. | think we like the decision that 
we've made. And the customers we 
talked to seem to like the decision. 

Essentially, what we're saying is 
there’s a set of technology that is 
an extra price option, and because 
that is a class of customer, the 
enterprise, that will care about that 
technology but will also care about 
[Software] Assurance, we've put 
that together. I've heard essentially 
no significant negative feedback 
about that. 


Is there any chance you'll sup- 
port the Open Document For- 
mat, which the Massachusetts 
government's IT division adopted 
as its standard? We've announced 
support today for the PDF format, 
which is one of the interoperability 
formats the state of Massachusetts 
has indicated. We have our own 
formats for doing kind of bridge 
documents of our own styles. So | 
think that’s where our energies are 
focused right now. 


Never say never? That's where our 
energies are focused. 
- CAROL SLIWA 
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Hewlett-Packard Ships Off 
Renamed ApplQ Software 


With acquisition 
done, companies’ 
tools are linked 


BY LUCAS MEARIAN 
Hewlett-Packard Co. earlier 
this month started shipping the 
next generation of the storage 
resource management soft- 
ware it gained as part of its re- 
cent acquisition of AppIQ Inc. 
The new version, Storage 
Essentials 5.0, has been inte- 
grated with Systems Insight 
Manager (SIM), HP’s server 
management software. The 
software had been called 
Storage Authority by AppIQ, 


| 





whose acquisition by HP of- 
ficially closed late last month. 
The Storage Authority- 
SIM integration will allow 
users to view both applica- 
tions on a single screen. The 
Storage Essentials software 
can automatically discover 
and register all physical and 
logical storage assets as well 
as the applications associated 
with those assets, HP said. 
Jeff Hill, a systems and stor- 
age administrator at Exempla 
Healthcare, which manages 
three hospitals in the Den- 
ver area, said that he started 
beta-testing the new version 
five weeks ago. He uses it to 


Well that’s done. 


manage his HP ProLiant serv- 
| ers and storage infrastructure 
with a single monitor. 

He said the reporting tools 
allow his managers to use 
Storage Essentials for charge- 
back purposes. 

“The ApplIQ tool is a little 
more intuitive” than the HP 
OpenView software it is re- 
| placing, he said. 

“It gives you a little cleaner 
interface, and the reporting 
tools are more robust,” Hill 
said. “That’s something I’m 
pretty stoked about because 
that gives me a chance to pass 
information on to my man- 
| agement so they can make 





Happiness is a dependable Ricoh color printer. 


ricoh-usa.com/itchannel 


You can say that 


again. 





Pa a ons 


Essentials 5.0 
& Built on open standards, 
including DMTF-CIM, J2EE 
and SMI-S. 


Systems insight Manager 
server software. 


Rane Se emeeneeewersenneere 


& Will be integrated with 


blade server systems along 
with VMware. 


business decisions about our 
storage.” 

Frank Harbist, vice presi- 
dent and general manager of 
HP’s information life-cycle 
management and Storage- 
Works software, said HP also 


| plans to add more manage- 
| ment tools to Storage Essen- 


tials through application pro- 





gramming interfaces in the 
AppIQ technology 


Such tools, as well as 


| cluster virtualization, grid 


management and enhanced 
reporting tools, can be used 
in HP BladeSystem environ- 


| ments, he said. 


“Fifty percent of all server 


| shipments over the next cou- 


ple of years will be in blades, 


| So our focus in terms of mov- 
| ing this technology forward 


— allowing for automation 


| capabilities — will really be 
| around blade system environ- 


ments,” Harbist said. 
On the traditional server 


| side, Harbist said HP plans to 
| use EMC Corp.’s VMware vir- 
| tualization software to create 
| virtual partitions. The com- 


pany also plans to add storage 
virtualization, or the pooling 


| of storage assets behind a layer 


of abstraction, he said.» 
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SAP CEO Faces Up to 
Competing With Partners 


Company is working with emerging 
rivals Microsoft, Business Objects 


BY JOHN BLAU 
HE LIST of challenges 
facing SAP AG CEO 
Henning Kagermann 
appears to be end- 
less as competition increases 
from Oracle Corp., Microsoft 
Corp., Salesforce.com Inc. and 
emerging open-source firms. 
Despite a heavy workload, 
the straight-talking executive 
found time last week to dis- 
cuss those challenges. 


How has the Oracle buying spree 
affected you and your customers? 
Our customers have no disad- 
vantages. We will continue to 
support products from com- 
petitors as we have done in 
the past. We are professional 
enough to handle co-opetition. 


What is the impact of Oracle’s 
acquisitions on the industry? Over 
the past four years, we gained 
market share and created a 
bigger distance to Oracle. So 
Oracle bought some market 
share to reduce this distance. 
They now try to compete on 
price. 


How is your relationship with Micro- 
soft after the failed merger talks a 
year or so ago, and in the ongoing 
Mendocino project to link your ap- 
plications with Office? We have 

a good working relationship 
with Microsoft, Mendocino 
being a prime example. [And] 
there are others, such as im- 
proving the interconnectivity 
of .Net and NetWeaver. We 
have a relationship that works 
well, and we have no intent to 
change it. 


How serious is the threat of hosted 
services to SAP, and are you 

still planning to launch a hosted 
product line? We said in June 
that some announcements 
will come, and this is still true. 





| Today we offer hosted services, 


{and we] partner with hosting 
companies. 


How will the SAP hosting service 
work? We will be offering a 
service that will help custom- 
ers deploy certain functions of 
our software products much 
faster, similar to what Sales- 
force does. The real benefit of 
Salesforce is not the hosting 
opportunity, but rather the fact 
that the company has selected 





| some functionalities that it 
| can deploy very fast. 


How does the expansion 

of business intelligence 

functions in NetWeaver 

impact your partnership 

with Business Objects and 

others? This is another 
example of co-opetition. 

We have extended our 
analytics capabilities 

with SAP Analytics. We 

have made it very clear 

to the market that embedded 
analytics is the future and that 
analytic capabilities are part of 
end-to-end business processes. 


| On the other hand, there are 

specialists, such as Business 

| Objects, who are interested 
in working closer with 
SAP because we have 
joint clients. We're not 
fighting them in this 
area. 


Are you concerned at all 
about Microsoft's recent 
move to add BI capabilities 
to SQL Server? We treat 
Microsoft like any other 
| partner. In fact, I see a good 
opportunity for us to embed 
some analytic capabilities in 
our joint offering, Mendocino. 


Investment Firm Buys Geac and 
Sends ERP Software to Infor Global 


New company 
to get remaining 
products ina 

$1 billion deal 


BY STACY COWLEY 

Private equity firm Golden 
Gate Capital Corp. last week 
agreed to buy business soft- 
ware maker Geac Computer 
Corp. for about $1 billion. 

The plan is to split up Geac, 
which in recent years has made 
numerous acquisitions, accord- 
ing to Golden Gate Capital. 

The Markham, Ontario- 
based company’s ERP soft- 
ware — including System21, 
Runtime, RatioPlan, Stream- 
line and Management Data 
— will become the property of 
another Golden Gate Capital- 
funded company, Infor Global 
Solutions. The remaining 
product lines will form the 
basis of a new, as yet unnamed 
company. 

The companies expect the 
deal to close early next year. 

Geac, which bills its prod- 





ucts as “software for the CFO,” 
reported a profit of $77 million 
on revenue of $444.4 million in 
the fiscal year that ended April 
30. The enterprise applications 
business drove 80% of Geac’s 
revenue last year, the company 
said in its annual report. 

The software that Infor is 
acquiring accounts for about a 
quarter of Geac’s revenue, said 
Infor President and Chief Op- 
erating Officer Ken Walters. 


Formidable Player 

Infor is becoming a formida- 
ble player in the ERP market, 
with a portfolio built through 
acquisitions, including the 
company’s $350 million pur- 
chase of Mapics Inc. earlier 
this year. 

The privately held company, 
based in Alpharetta, Ga., sells 
its products mostly to com- 
panies with less than $250 
million in annual revenue. 
Infor has 2,300 employees and 
18,000 customers worldwide. 

The new company to be 
formed by San Francisco- 
based Golden Gate Capital 


will include two business units 
built around Geac’s remaining 
assets. It will be headed by a 
CEO who will be named prior 
to the closing of the transac- 
tion. 

The new company’s finan- 
cial applications unit will 
focus on Geac’s Enterprise 
Server, SmartStream, Anael, 
Extensity and Comshare prod- 
ucts. Meanwhile, an industry- 
specific applications group 
will concentrate on serving 
vertical industries, including 
libraries, local governments 
and restaurants, Geac said. 

Before accepting Golden 
Gate’s offer, Geac’s manage- 
ment team spoke with two- 
dozen potential suitors, Geac 
CEO Charles Jones said ina 
conference call with analysts. 

Jones said Golden Gate had 
deep pockets and enough 
resources to back Geac’s tech- 
nology plans. “Golden Gate is 
committed to continuing the 
vital support of Geac’s prod- 
ucts,” he said. 

Analysts at Boston-based 
AMR Research Inc. said in 
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Analytics is just another area 
where we have some overlap 
with Microsoft, but it’s not 
an area that will stop us from 
continuing to cooperate. 


How much competition are you ex- 
pecting from emerging open-source 
application companies like Sugar- 
CRM, which offer low-cost software 
to smaller companies? I don’t be- 
lieve business applications are 
a field for open-source. The 
Linux operating system is one 
thing. It’s well defined and de- 
veloped by a community used 
to programming. Applications 
are another story, particularly 
business applications. Design- 
ing applications to run busi- 
ness processes requires very 
strong governance. And I have 
my doubts if a community can 
achieve this. ? 

Blau is a reporter for the IDG 
News Service. 


a report that Geac’s fate il- 
lustrates that simply gobbling 
up lots of applications with 
lucrative maintenance revenue 
streams won't be enough to 
ensure vendor viability. 

“[Geac] lagged behind most 
vendors in technology innova- 
tion and deep verticalization 
for the customers it served,” 
the report said. “In its model, 
its only way to sustain and 
grow margins was to continue 
on the acquisition trail. But 
the continued consolidation 
in the software market made 
those acquisitions more dif- 
ficult — particularly at the price 
points it was willing to pay.” 

Joshua Greenbaum, an ana- 
lyst at Enterprise Applications 
Consulting in Berkeley, Calif. 
added that the sale of Geac 
will likely benefit shareholders 
and management more than 
customers. 

The Geac portfolio will 
mostly be used as a cash cow 
that generates maintenance 
revenue, he said. Greenbaum 
said he doesn’t expect the new 
firm to spend significant re- 
search and development 
dollars to update products. » 


Cowley is a reporter for IDG 
News Service. Marc L. Songini 
contributed to this story. 
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New System Promises to Help 
FAA Detect, Respond to Threats 


Security event management tool can 
sift through torrents of information 





BY JAIKUMAR VIJAYAN 

The Federal Aviation Admin- 
istration has just finished in- 
stalling a security event man- 
agement system designed to 
help the agency better detect 
and respond to external and 
internal threats. 

The new FAA system is 
based on ArcSight Inc.’s En- 
terprise Security Management 
(ESM) software, which allows 
users to centrally monitor, 
collect and analyze informa- 
tion from multiple network 
security devices, including 





intrusion-detection systems 
and firewalls. 

The system is part of a 
broader FAA effort initiated 
after the 2001 terrorist attacks 
to bolster its network defenses 
and incident-response capa- 
bilities, according to Michael 
Brown, director of theO ce 
of Information Systems Secu- 
rity at the FAA. 

“We were looking for a way 
to manage the large volume of 
information coming from mul- 
tiple [network] sources [and] 
do a lot of correlation and data 


Well that’s done. 





; reduction,” he said. Brown 


said the agency hopes the new 
system can help it manage the 
large amount of information 
generated by security systems. 
ArcSight’s ESM, like other 
products in its class from ven- 
dors such as netForensics Inc., 
NetIQ Corp. and Intellitactics 
Inc., is designed to quickly sift 
through the torrent of data 
generated by multiple security 
devices and to focus on the 
most important information. 


A Million Alerts Per Day 
At the FAA, for instance, fire- 
walls, system log files, vulner- 
ability scanners and intrusion- 
detection systems can together 
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generate more than | million 
alerts per day — only a very 
small fraction of which merit 
any follow-up, according to 
Brown. 

“At the end of the day, after 
all the analysis has been done, 
we are looking at roughly 15 to 
20 [important] alerts,” he said. 
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Apart from transforming 
raw event data into usable 
intelligence for security and 
network administrators, se- 
curity event management 
tools such as those from Cu- 
pertino, Calif.-based ArcSight 
can be useful for forensic 
analysis after a terrorist at- 
tack, Brown said 

Like other agencies, the FAA 
— which is part of the U.S. De- 
partment of Transportation — 
is subject to audits by the Gov- 
ernment Accountability O ce 
and is required to implement 
strong incident-response ca- 
pabilities under the Federal 
Information Security Manage- 
ment Act. 

The new event management 
capability will allow the FAA 
to create an auditable security 
infrastructure to demonstrate 
compliance with such require- 
ments, Brown said. ® 
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NEWS 


Corporate Users See Potential 
In Cisco’ Radio Technology 


IP-based system 
goes beyond use 


for emergencies 


BY MATT HAMBLEN 
NEW YORK 
ISCO SYSTEMS Inc.’s 
new IP-based radio 
interoperability 
technology is geared 
toward helping emergency 
response workers talk to one 
another at disaster scenes. But 
it could also be used by large 
businesses as part of efforts to 
improve productivity, accord- 
ing to some early adopters. 
For example, Maher Termi- 
nals Inc. has been using the 
Internet Protocol Interoper- 
ability and Collaboration Sys- 
tem (IPICS) in production ap- 
plications at its 450-acre cargo 





terminal in Port Elizabeth, 
N,J., since June. After Cisco 
announced the technology 
here last month, Steven Rum- 
mel, Maher’s vice president of 
IT, said that IPICS is providing 
connections among about 500 
Cisco IP telephones and 700 
Sprint Nextel push-to-talk ra- 
dios, as well as 25 PCs. 

The links give Maher’s 
workers new options for com- 
municating with one another, 
Rummel said. He noted that 
engineers looking at technical 
drawings in an office can use 
IPICS to give instructions to 
mechanics who are repairing 
large gantry cranes, instead 
of having to carry the docu- 
ments to the site. That helps 
get cranes back in operation 
more quickly, reducing down- 
time costs that he estimated 





at $30,000 for every 30 
minutes one is out of 
service. 

In addition, supervi- 
sors can monitor crane 
and other shipping op- 
erations from their of- 
fices via remote IP-based 
cameras. The Cisco 
technology could also 
be used as a communi- 
cations bridge between 
Maher personnel and 
U.S. Customs and Border Pro- 
tection officials, Rummel said. 

According to Cisco, IPICS 
creates a shared communica- 
tions architecture for land- 
line telephones, cell phones, 
proprietary radios and other 
handheld devices, and PCs 
equipped with softphones. 

Schiphol Telematics, which 
operates some of the IT 
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networks at Schiphol 
Airport in Amsterdam, 
began testing the IPICS 
technology in Septem- 
ber to evaluate its po- 
tential value for emer- 
gency response as well 
as daily operations. 

Henry van der Geest, 
financial director at 
Schiphol Telematics, 
said airport officials 
see numerous needs for 
business-to-business radio in- 
teroperability, especially when 
planes are being serviced by 
food services or cleaning con- 
tractors. IPICS could support 
communications between the 
crews in planes and workers 
in the airport’s terminals or 
control tower, he said. 

There are “dozens” of 
independent networks at 
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the airport that also could 
benefit from the interoper- 
ability promised by IPICS, 
according to van der Geest. 
But, he added, officials are 
still in the midst of laying the 
groundwork for deploying the 
technology. “We have to cre- 
ate the right business model 
to use it effectively,” van der 
Geest said. 

Gordon Bruce, CIO for the 
city of Honolulu, said a two- 
week test of IPICS in early Oc- 
tober showed that it would be 
valuable not only in improving 
communication between the 
city’s police and fire personnel 
during emergencies, but also 
for day-to-day operations in- 
volving agencies at all levels of 
government on the Hawaiian 
island of Oahu. 

One unknown is how much 
it will cost to buy IPICS, which 
includes server hardware and 
software components and a 
push-to-talk client application. 
Charles Giancarlo, Cisco’s 
chief development officer, said 
pricing won’t be announced 
until next year. » 





Banks Urged to Automate 
Online Transaction 


Authentication 
guidelines aren’t 
the only answer 


BY JAIKUMAR VIJAYAN 
As banks move to install 
stronger end-user authentica- 
tion technologies to meet new 
federal guidelines for online 
security, they shouldn’t over- 
look the importance of provid- 
ing transaction-level controls 
as well, according to some IT 
managers and analysts. 
Stronger authentication isn’t 
the only answer when it comes 
to mitigating online banking 
risks, said Alenka Grealish, an 
analyst at Celent LLC, a con- 
sulting firm in Boston that fo- 
cuses on financial services IT 
issues. “I think it’s important 
to not only pay attention to 
how we secure the door to the 
bank but what should be done 





when or if a criminal finds his 
way through that door,” Greal- 
ish said. 

Existing security threats, 
such as Trojans and e-mail 
phishing attacks, already can 
bypass some of the strongest 
authentication technologies 
available, noted Jonathan 
Penn, an analyst at Forrester 
Research Inc. Therefore, 
what’s also needed is more 
transaction and account moni- 
toring, as well as behavior 
modeling, to help detect and 
prevent fraud, Penn said. 

Automated tools are avail- 
able to help users do the moni- 
toring and modeling work, but 
their use remains relatively 
low in the retail banking in- 
dustry, he added. 

The advice offered by Greal- 
ish and Penn is appropriate, 
given the level of online se- 
curity threats that banks face, 





Controls 


said Donna Pfeil, vice presi- 
dent of information security 
and compliance at ShoreBank 
Corp. in Chicago. 

“Tt really is all about think- 
ing through the process and 
making sure you understand 
what the best solutions are for 
mitigating the risk of having 
your customer information 
compromised,” she said. 

According to Pfeil, Shore- 
Bank had been evaluating new 
authentication technologies 
even before the Federal Finan- 
cial Institutions Examination 
Council on Oct. 12 called on 
banks to add a second form of 
authentication to username 
and password processes. 

She said that bank staffers 
are now trying to understand 
where security threats exist 
by monitoring online trans- 
actions and examining how 
ShoreBank’s Internet banking 





services are being used. The 
bank’s goal is to implement an 
authentication process that is 
tied to the level of risk associ- 
ated with individual transac- 
tions, Pfeil added. 

Regulations such as the USA 
Patriot Act already require 
banks to do a certain level of 
account and transaction moni- 
toring, which can be useful in 
detecting fraud, said Tom Rob- 
ertson, senior vice president 
of IT at Charter Bank in Belle- 
vue, Wash. To help mitigate 
security risks, measures such 
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best solutions are for 
mitigating the risk of 
having your customer 
information compro- 
mised. 


DONNA PFEIL, VICE PRESIDENT, 
SHOREBANK CORP. 





as consumer education and 
awareness campaigns also are 
crucial, he noted. 

“In the credit card world, 
every single transaction is 
scored for the chance of it be- 
ing fraudulent,” said Naftali 
Bennet, CEO of Cyota Inc., a 
New York-based vendor of 
tools that analyze the potential 
risks of online banking trans- 
actions. A similar approach is 
needed in the retail banking 
sector, Bennet said. 

Other vendors also are of- 
fering fraud management tools 
to banks. For example, Fair 
Isaac Corp. in Minneapolis has 
started marketing a banking 
version of its Falcon technol- 
ogy, which monitors transac- 
tions and account activity and 
looks for behavior that devi- 
ates from the norm. 

In addition, New York-based 
Actimize Inc. offers a suite of 
fraud-prevention products for 
online security issues such as 
account takeovers, identity 
theft and check fraud. » 


Eric Lai contributed to 
this story. 
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OPINION 


DON TENNANT 


Daring to Dream 


LMOST exactly a year ago in this space, 
I thanked IT professionals for what they 
did for my dad, who had died a few days 
earlier of ALS. I thanked them for the 
perseverance they showed in creating 
and advancing the systems that have improved all 
our lives, and especially for those he so loved using 
himself, until, as I recounted then, he could no longer 
lift his arms to his keyboard and his fingers could no 


longer press the keys. 


My dad was very proud 
of the fact that I speak 
Chinese, and he once 
asked me what the Chi- 
nese word for “computer” 
is. I told him it’s dian nao, 
which, literally translated, 
means “electronic brain.” 

He got a kick out of that. 
“Well, that makes sense,” 
he said. “That’s probably 
what we should be calling 
them.” 

That exchange came to 
mind earlier this month 
when I attended the open- 
ing of the McGovern Institute for 
Brain Research at MIT. The institute 
was founded by Patrick J. McGovern, 
founder and chairman of Internation- 
al Data Group, Computerworld’s par- 
ent company; and by his wife, Lore 
Harp McGovern. I was intrigued by 
Pat McGovern’s lifelong journey, one 
that had taken him from wanting to 
help people understand electronic 
brains to wanting to help them un- 
derstand the human brain itself. 

McGovern talked about that jour- 
ney in his eloquent remarks at the 
opening ceremony. He recalled some 
advice his mom had given him when 
he was a boy. She told him that what- 
ever he did with his life, he had to be 
proud of doing it, he had to be around 
people he enjoyed doing it with, and 
he had to have a dream. 

McGovern’s dream was to im- 
prove the quality of people’s lives 
through improved communication. 
It’s not surprising, then, that for four 
decades he has devoted himself to 





technology publishing 
— an endeavor that, not 
coincidentally, melds 
the communications- 
oriented mission of 
publishing with the de- 
velopment of the tools 
that have advanced com- 
munication more in the 
past 50 years than in the 
entirety of previous re- 
corded history. 
Referring to his travels 
around the world in the 
course of making IDG 
the global media insti- 
tution it is, McGovern said he was 
struck by how alike the people in ev- 
ery country he’s visited truly are. He 
noted that they share the same fun- 
damental aspirations and concerns, 
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regardless of which side of any par- 
ticular political boundary they hap- 
pen to reside on. At the same time, he 
found that despite their similarities, 
the people in different countries ap- 
pear to have an inherent distrust of 
one another. How, McGovern won- 
ders, do we account for that commu- 
nication breakdown? 

Many would argue that the answer 
has a spiritual element. But if we can 
accept that there is a link between the 
spiritual and the physical, how can 
we develop a deeper understanding of 
the physical dimension of thought and 
emotion? Simply put, why does the 
brain work the way it does? 

The McGovern Institute for Brain 
Research is the McGoverns’ dream to 
find the answers. Suppose we could 
learn enough about the brain to en- 
able us to understand and treat the 
neurological disorders, both mental 
and physical, that afflict so many mil- 
lions of people all over the world. 

As I ponder that supposition, I 
think about the neurological disorder 
that caused my dad so much suf- 
fering, and that ultimately took his 
life. And I think how glad I am that 
people like Pat McGovern dare to 
dream.» 
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MICHAEL H. HUGOS 


The Music 
We Make 
With IT 


IVING IN Chicago, I am 
influenced by two na- 

ive musical traditions: 
rhythm and blues, and jazz. 


Rhythm and blues is the profoundly 
simple yet powerful music that blends 
a steady bass rhythm with a flourish 
of higher notes, usually delivered by 
guitar and a singer’s voice. The steady 
bass rhythm connects me to the mu- 
sic, while the flourish of higher notes 
leads me on a voyage to compelling 
places within that music. Wow! 

In jazz, musicians explore a musical 
space freely, blending their individual 
contributions into the piece of music 
they are creating together. Yes! 

I see something of each of these 
two traditions in run- 
ning an IT operation, 
whether it is a single 
project or a whole 
department. The 
steady, reliable bass 
beat of rhythm and 
blues is analogous to 
what they call “dial 
tone” in telecom, that 
steady hum of behind- 
the-scenes activity 
that keeps users con- 
nected to systems. 
The bass beat of IT 
comes from folks 
who follow a highly 
disciplined process 
to keep systems hard- 
ware, software and 
communications links 
up and running 24/7. 

As with rhythm and blues, it’s the 
flourishes that are memorable. In 
the case of IT, the flourishes are the 
business applications, which deliver 
the results people desire from IT. 
Rhythm and blues doesn’t really work 
if the bass line falters or the flour- 
ishes don’t soar and thrill the listener. 
In IT, we need to keep the pulse of 
that bass line while finding ways to 
focus most of our energy on creating 
business applications that people really 
like. After all, it’s only through enthu- 
siastic and effective use of the right 
bundle of business applications that 
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companies will reach the destinations 
they seek. 

Outsourcing much of the activity 
involved in creating the bass beat is a 
good idea because there’s such a large 
degree of commonality in creating that 
beat from one company to the next. 
Companies are best served by focus- 
ing on developing in-house talent that 
really understands its unique needs 
and can deliver the appropriate bundle 
of business applications to fit the busi- 
ness situation as it evolves. 

Some companies try to outsource the 





flourishes of higher notes, too. They 
choose their favorite flourishes from 
among a limited selection (the top ERP 
packages, the top CRM packages, the 
top supply chain packages) and leave 
it at that. But they wind up living in a 
Top 40 pop world, sounding like every- 
body else. I'll take the power of rhythm 
and blues, where the best musicians 
always tailor the higher notes (depend- 
ing on audience and mood) to meet the 
needs of the moment. 

As for jazz, every jazz musician must 
master a set of techniques and then 





use those techniques to bring out the 
strengths of his chosen instrument. 
First one musician leads and the others 
follow, then the lead passes to another 
musician and so on. 

Mastery of technique allows the mu- 
sicians to go in many different direc- 
tions with a piece of music. This is also 
what good IT groups in any organiza- 
tion do. Using the IT infrastructure 
and tools they have available, they 
support and enable their company to 
go in different directions as business 
environments change. 





Effective IT operations are com- 
posed of people who know how to 
combine their individual contributions 


| into the unique blend of systems that 


a company needs in order to prosper. 
They are blends of people providing 
outsourced capabilities and in-house 
talent who follow a process of working 


| together to make powerful music. ? 
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Readers Take a Closer Look at the Gender Gap in IT Salaries 


ON TENNANT’S editorial 
titled “Wage Gap Flap” [Oct. 

31] points to an important topic that 
should concern us all — equity in 
pay. Nonetheless, | consider this 
topic to be outside the scope of a 
technology-related publication like 
Computerworld. 

If the publication is seriously going 
to get into this minefieid of a topic, 
it had better start recognizing its 
complexity rather than dealing with 
it at a superficial level. For example, 
there are statistically demonstrated 
reasons why men get paid more on 
the average than women. These 
include putting in longer work hours, 
having more years of experience in 
acertain specialty, being more will- 
ing to move to a new location when 
an employer requests it, traveling for 
business more frequently and tak- 
ing jobs with a greater proportion of 
commission to salary. 

There are many other factors, and 
they are well documented in the 





| excellent book Why Men Earn More: 


The Startling Truth Behind the Pay 
Gap - And What Women Can Do 
About It, by Warren Farrell. 

All other factors being the same, 
of course women should earn the 
same amount as men, but the truth 
is, all other factors are not the same. 
Don't take my word for it; read the 
book. 

Charles Cresson Wood 
Information security consultant, 
InfoSecurity Infrastructure Inc., 
Sausalito, Calif. 


UCCESS IN IT is based on 

what you know. It's a reflection 
of what's on your résumé. After 
three years, your technology knowl- 


| edge is useless. 


If you take time off to have a baby, 
you aren't likely to get experience 
on configuring the latest and great- 
est routers unless you have lots of 
money to buy equipment. You will 
lose your certifications, which may 





The Moth That Spawned Bug Was No Myth 


WAS VERY surprised to read 
Fred E. Brandli Jr’s letter (Oct. 31} 
asserting that the Mark IV moth is 
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The infamous Mark Ii moth 





a myth. A little research at the U.S. 
Navy's official history site sheds a 
little more light on the truth of the 
story. It turns out that the moth was 


| onthe Mark Il computer, not the 


Mark IV. Perhaps this is the source 
of Brandli’s confusion. 

You can find a high-resolution 
photograph of the moth, and the lab 
book into which it was pasted, at 
http://history.navy.mil/photos/ 
pers-us/uspers-h/g-hoppr.htm. 
Simson L. Garfinkel 
Center for Research on Computa- 
tion and Society, Harvard 
University, Cambridge, Mass. 


| not get you a pay raise but may get 
you the job. And when you decide 
to work again, your salary starts at 
whatever you can get an offer for. 

If you won't move to improve your 
career because your family wants 
to stay in a particular city, then you 
won't get the pay increase that goes 
with the move, which determines 
your future pay. 

| have moved three times in my 
career. Each time it was for better 
pay or experience. If | had stayed 
in the same city, | would probably 
be making 10% to 20% less than | 
am making now. You have to move 
where the jobs are, especially in a 
tight job market like today. 
Ken Hollis 
Tulsa, Okla. 


AGREE WHOLEHEARTEDLY 
that women should earn the same 
as men for doing the same work. 
However, this is already the case. 
According to the National Center for 
Policy Analysis, for full-time work, 
women already earn about the same 
as men for the same job history 
- the “wage gap” is the result of dif- 
ferences in field, time taken off, etc. 
And for part-time work, women earn 
significantly more than men 
Richard Sol 
Los Angeles 


DO NOT UNDERSTAND the 

argument that women can be paid 
less because they take time off to 
raise families. 

| have read a number of articles 
stating that people change jobs 
frequently, and so most employees 
have very little time with any partic- 
ular company. Thus, all employees 








are hired based on what they can 
do for a company in the present, 

not what they did for some other 

company in the past. This makes 
the tenure issue a relatively moot 
point when it comes to deciding 

compensation. 

Michael Frank 

Los Angeles 


T A RECENT meeting with 

my staff, as we were gathered 
around the table in what is known 
as the IT Kitchen, | asked my 19 
employees to close their eyes. | 
then asked them to tell me who 
outnumbered who on our team, men 


| or women. As they were doing that 


mental math, | asked, How many 
blacks? Asians? Hispanics? Old 
white guys? 

No one knew the correct answers 
to these questions. And that was 
the point - no one needed to know, 
because gender, race, ethnic- 
ity and other things that separate 
people should be a nonissue. They 
become a nonissue when you suc- 
ceed in not discriminating against 
peopie. 

If you are doing your job as the 
IT hiring manager — hiring, promot- 
ing and compensating based on 
objective criteria, and ignoring your 
natural prejudices — then chances 
are you'll end up with a varied group 
of people who are equitably and 
fairly paid. 

Justice starts at home. My 19 IT 
workers and how they are compen- 
sated will not make a dent in the na- 
tional averages or the surveys, but 
we know we've done our part. 

Paul Dearing 

CIO, PaperPak Products Inc. 
San Dimas, Calif, 
pdearing@paperpak.com 


| I? BE interested to see what 

| happens to the gender wage gap 
when it is correlated to time in the 

| career. Comparable worth is a great 

| theory, and merit-based pay is a 
wonderfully egalitarian obiective, but 

| let's face it — tenure is usually more 

important to determine salaries, and 

women tend to drop out of the work- 

force more often than men, leaving 

them, on average, with shorter ca- 

reers. Sure, more and more women 

are re-entering their careers later 

- after the kids have started school, 

for example — but the net effect is 


(not to demean the work required 

| to raise kids) for women is less than 
| men. Perhaps it is around 90%? 
Brian E. Hoffman 

Business analyst, New York, 
behoff@acm.org 





F YOU had taken that survey 20 
| B years ago, the gap would have 
| been alot wider. The business world 
continues to change its view as time 
passes. | believe there is hope for us 
| women, and as another generation 
| of managers and executives retires, 
| this gap will become even smaller. 
Karina Huckel 


King of Prussia, Pa. 


COMPUTERWORLD welcomes com- 
ments from its readers. Letters will 

be edited for brevity and clarity. They 

| should be addressed to Jamie Eckle, 

| letters editor, Computerworld, PO Box 
9171, 1 Speen Street, Framingham, 


| Mass. 01701. Fax: (508) 879-4843. 
| E-mail: letters@computerworld.com. 


Include an address and phone num- 
ber for immediate verification. 

For mare letters on these 

and other topics, go to 
www.computerworld.com/letters 
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ThinkPad recommends Windows® XP Professional. 


YOU’RE LOOKING AT THE 
MOST SECURE WIRELESS PC. 


AND THE EASIEST WAY 


Availability: All offers subject to availability. Lenovo reserves the right to alter product offerings and specifications at any time, without notice. Lenovo is not responsible for photographic or typographic errors. *Pricing: Prices do not include tax or shipping or recycling fees and are subject to change without 
notice. Reseller prices may vary. Warranty: For a copy of applicable product warranties, write to: Warranty Information, P.0. Box 12195, RTP, NC 27709, Attn: Dept ZPYA/B676. Lenovo makes no representation or warranty regarding third-party products or services. Footnotes: (1) Mobile Processors: Power 
management reduces processor speed when in battery mode. (2) Wireless: based on IEEE 802.114, 802.11b and 802.11g respectively. An adapter with 11a/b, 11b/g or 11a/b/g can communicate on either/any of these listed formats respectively; the actual connection will be based on the access point to 
which it connects. (3) Included software: may differ from its retail version (if available), and may not include user manuals or all program functionality. License agreements may apply. (4) Memory: For PCs without a separate video card, memory supports both system and video. Accessible system memory 
is up to 64MB less than the amount stated, depending on video mode. (5) Hard drive: GB = billion bytes. Accessible capacity is less; up to 4GB is service partition. (7) Thinness: may vary at certain points on the system. (8) Travel Weight: includes battery and optional travel bezel instead of standard optical drive in 
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Innovations by InterSystems 


Easy database administration Massive scalability on minimal hardware 


Multidimensional Database 
Enables Rapid Development. 


Caché is the first multidimensional database for transaction processing and real-time analytics. Its 
post-relational technology combines robust objects and robust SQL, thus eliminating object-relational 
mapping. It delivers massive scalability on minimal hardware, requires little administration, and 
incorporates a rapid application development environment. 

These innovations mean faster time-to-market, lower cost of operations, and higher application 
performance. We back these claims with this money-back guarantee: Buy Caché for new application 
development, and for up to one year you can return the license for a full refund if you are unhappy for any 
reason.* Caché is available for Unix, Linux, Windows, Mac OS X, and OpenVMS - and it's deployed 
on more than 100,000 systems ranging from two to over 50,000 users. We are InterSystems, a global 
software company with a track record of innovation for more than 25 years. 


InterSystems 


CACHE 


Try an innovative database for free: Download a fully functional, non-expiring copy of Caché, or request it on CD, at www.InterSystems.com/Cache12A 


© 2005 InterSystems Corporation. All rights re c che is a registered trademark of InterSystems Corporation. 11-05 Cachelnnol 2CoWe 
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According to a survey by Forrester Research Inc. the majority of 


large North American companies are very worried about the security 
of their database servers. 


Forrester interviewed 24 companies with 
$500 million or more in revenue and found that: 


@) were extremely concerned. 


(0) were very concerned. 
8) were concerned. 


@) were somewhat concerned. 


2) were not concerned. 


At the same time, more than half (15) said they felt that their 
databases are protected against intrusions, although only 
five felt that theirs are very protected and just one said its 
databases are extremely protected. Of the 24, three said 

their databases are somewhat protected, and none said 

their databases had no protection. 


SOURCE: FORRESTER RESEARCH INC.. MARCH 29. 2005 


Finding that network and 
companies are turning to software 
and provides an audit trail. 


T McCARRON International Airport in Las 
Vegas, virtually every detail of airport op- 
erations is stored in one of 14 Oracle Corp. 
or Microsoft Corp. database servers. Pas- 
senger data, personnel files, flight information, air- 
port security data — all of that plus volumes of other 
sensitive information are housed in the databases. 
Any unauthorized change to or theft of that data 





says his SQL Guard database auditing and monitoring tool has been “an immense timesaver.” 


could have severe consequences for the airport. 

So naturally, when Phillip Murray, McCarron’s de- 
partmental systems administrator, receives a request 
from airport security to look into a suspicious trans- 
action, he takes it very seriously. Until recently, he 
might have devoted days, or even weeks or months, 
to scouring log files and SQL statements to investi- 
gate questionable activity on a database. “I'd have to 


carefully piece together events,” he says. “It’s a matter | 


of browsing through thousands of transactions.” 

Today, however, Murray spends a lot less time ana- 
lyzing log files thanks to a database activity auditing 
and monitoring tool — SQL Guard from Guardium 
Inc. in Waltham, Mass. The software tracks database 
access and transactions, sending alerts when unusual 
activities are spotted. If Murray needs to analyze an 
event more closely, SQL Guard provides an audit trail 
of the relevant commands and transactions. 

“It’s been an immense timesaver,” says Murray. 

While much of today’s application-level security is 


automated with third-party tools, the databases be- 
hind these applications are often not so secure. The 
assumption is that attacks will occur from outside 
and be caught by the firewall or the log-in and autho- 
rization process of the application. Databases, it is 
presumed, are too far into the back office to be threat- 
ened by a direct attack. 

“Traditionally, databases are deep in the organiza- 
tion, so it’s hard for somebody to directly nail the 
database server,” says Rich Mogull, research vice 
president at Gartner Inc. “But more organizations are 
now concerned about their own systems administra- 
tors and other employees, not just external attackers, 
and that’s where these tools are the most valuable.” 

Concern about data security has been heightened 
by media reports of thefts of consumer data, as well 
as financial fraud by employees. Government regula- 
tions, such as the Sarbanes-Oxley Act, have also em- 
phasized the need to closely audit access to sensitive 

Continued on page 32 
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Bumrungrad Hospital, Southeast 
Asia’s largest healthcare facility, created a kid-friendly pediatric clinic out of a 10,000-square-foot 
medical records unit. How? An ultra-scalable, 4-way Intel Xeon processor-based system 
improved data reliability and made records paperless. Read more about Bumrungrad Hospital's 

experience-with Intel built in at intel.com/builtin. be 
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Continued from page 29 

data. And, of course, for organizations that serve 
the public — like McCarron Airport — the terrorist 
attacks of Sept. 11, 2001, significantly heightened 
security fears. 

“Since 9/11, we had to start looking at our vulner- 
abilities. Despite the fact that we do rigorous back- 
ground checks, there’s a possibility that someone 
might come in and gather data that would make the 
airport easier to attack,” says Murray. 

But for McCarron, as with most organizations, 
there’s a lot of data to protect. With so much informa- 
tion at risk and too few human resources available 
to police it all, the demand for automated security 
products such as database activity monitoring and 
auditing tools has been on the rise. 


Beyond Built-in Database Security 

Within the database itself, there are several security 
features that can help protect data, including user 
access controls, removal of unnecessary services 
and accounts that could be exploited, and locking 
out users who fail several log-in attempts. 

Databases also come with their own logging and 
alerting capabilities. However, these are usually 
highly manual utilities requiring a lot of time and 
effort to employ. 

For instance, a database administrator can set trig- 
gers on certain fields in a database that will send an 
alert if altered, but setting multiple triggers for every 
field or event takes time, and too many triggers can 
degrade the performance of the database. 

Databases also have logs that can record failed 
log-ons and other activities. But these require a hu- 
man to pore over SQL statements. “Every transaction, 
good and bad, you have to wade through to find what 
you're looking for,” says Murray. “The purpose of 
these log tools isn’t to help investigate an event but to 
restore you to some point in time.” 

This is where an automated tool can prove useful. 
Third-party database activity monitoring tools work 
by developing a profile of normal activity that com- 
panies can use to spot unusual and suspicious data- 
base transactions. The monitoring tools then either 
send out an alert to a human operator or automati- 
cally block the transaction. Likewise, when auditing 
an event after it has occurred, the tools will filter out 
normal transactions in the log and consolidate suspi- 
cious ones. 


Network vs. Agent-based Monitors 
Database monitoring tools typically work in one of 
three ways. Some sit on the network and sniff the SQL 
stream. Others may connect to a specific port through 
which the data traffic flows. Or they may be off-line 
tools that read the databases’ log files. All three ap- 
proaches have their merits, according to proponents. 
Those that sniff the SQL stream don’t affect the 
performance of the database server and can be more 
easily deployed for multiple types of databases. On 
the other hand, those that read database log files 
don’t slow network performance and are apt to catch 
more types of suspicious activities, because not all 
database access occurs over the network, such as 
when a database administrator is working within 
the data center. 
Also, encrypted traffic or a heavy volume of traf- 
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Deciphering 
C2 Security 


Many leading database products come with an 
option called Class C2 (Controlled Access Protec- 
tion) security. Developed by the U.S. Department 
of Defense and outlined in the DOD's publication 
Trusted Computer System Evaluation Criteria (also 
known as the Orange Book), C2 is one of several 
levels of security policies, ranging from D for 
minimal protection to A for the highest protection. 
C2 is the most common high-security certifica- 
tion for commercial databases and operating sys- 
tems. When the C2 security option is turned on, it 
will log and audit ali security events, protect data 
objects on a per-authorized-user basis, document 
security testing and require a number of identi- 
fication and authorization procedures for users. 
It places your database in a locked-down mode 
aimed at parceling out access on a need-to-know 
basis. However, C2 isn’t equivalent to database 
monitoring and auditing tools, which monitor and 
alert on specific activities defined by an organi- 
zation but don't necessarily block or limit those 


transactions. 
~ SUE HILDRETH 


fic can be a problem for some products. And each of 
these tools will initially create a flood of false posi- 
tive alerts as it learns traffic patterns, which will 
create an extra burden for whomever is tasked with 
monitoring alerts and tweaking the auditing tool. 

On the positive side, these products typically pro- 
vide four key functions: 


1. Mor 


4 5 ££, : ‘ 
tor trafic in real time 


The software profiles everything from the type of 
data normally accessed by users and the number of 
records typically pulled for specific queries to the 
log-on times typical for a user. So if an authorized 
user, who never works weekends, logs in on Saturday 
night and downloads 1,000 records, the software 
sends a red flag. It will also keep an eye on metadata 
changes, alterations to user privileges and abnormal 
transactions. 


2. Send an alert in response to suspicious activity. 


Once the software has profiled the normal activ- 
ity of the database and the IT staff has added any of 
its own access rules, the tool can identify abnormal 
activity. Typically, alerts are sent via e-mail or to a 
console for action by the administrator. 


3. Automate the auditing process. 


While auditing won’t prevent theft or intrusion, it’s 
critical to tracing an event. Auditing tools can speed 
the process considerably and can provide clear re- 
ports and audit trails in case of an investigation. 
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This feature isn’t available with every product, nor 
is it advisable in many cases, say experts. “I wouldn’t 
advise doing it unless you have a very strong under- 
standing of how you use your database,” says Pete 
Lindstrom, research director at security analysis firm 
Spire Security LLC. “The problem is often unknown 
applications like weird third-party report writers and 
automated log-ins and heartbeat-monitoring prod- 
ucts. If you prevent database activity without under- 
standing it, you’ll break the infrastructure.” 

Nevertheless, he says, once the software has run 
for a while and profiled the traffic, it’s possible to 
block some obviously bad activities. 


Who Needs Data Auditing? 

As the 2004 debacle at ChoicePoint Inc. illustrates, 
all financial and credit-records companies can use 
data activity profiling and monitoring tools. Choice- 
Point, an aggregator of consumer data, was found to 
have allowed thieves to purchase and download data 
on as many as 400,000 consumers. The company 
opted to stop selling consumer data to most busi- 
nesses after that. But it’s not just the ChoicePoints of 
the business community that can benefit from better 
protection. Most midsize and large organizations 
are at risk for theft or improper use of data, notes 
Gartner’s Mogull. 

“Everybody’s got credit card numbers or Social Se- 
curity numbers,” says Mogull. “Thanks to new regu- 
lations and a lot of negative public exposures, CEOs 
and CFOs are saying, ‘I don’t want to end up on the 
front page of The Wall Street Journal. We need to take 
a look at what’s going on with the database.” 

The CEI Group Inc., a provider of auto accident 
and claims management services, implemented Lu- 
migent Technologies Inc.’s AuditDB tool two years 
ago. With volumes of personal information on more 
than 600,000 consumers, CEI Group thought it 
prudent to add another layer of defense around its 
database. The Feasterville Trevose, Pa.-based com- 
pany was surprised to find that having a data auditing 
tool is a major selling point for new customers. 

“We can show prospects that we have a detailed 
audit trail of all changes made to the database and 
every query against the database,” says Andre Alicea, 
manager of database administration at CEI. “That 
says a lot about our ability to handle security and pri- 
vacy concerns.” 

Another attractive feature, says Alicea, is that the 
tool doesn’t require much extra effort by administra- 
tors. “Once it’s set up, it just runs on its own. If there’s 
a problem, it sends us an e-mail.” 

Government regulators and auditors are also help- 
ing to promote the adoption of database auditing. 

For Southwest Corporate Federal Credit Union, the 
second-largest corporate credit union in the U.S., the 
main motivation behind implementing IPLocks Inc.’s 
Information Risk Management Platform was the ad- 
vice of an auditor to improve database security. 

Dallas-based Southwest serves more than 1,200 
member credit unions, which in turn cater to indi- 
vidual customers. Just about a year ago, an external 
auditor told both the company and a competitor that 
they must prove their data is secured and monitored 
against theft. 

Continued on page 37 
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November 14, 2005 


An Open Letter from 
John Swainson, President and CEO, 
Computer Associates (CA) 


Last night | opened CA World, our company’s annual customer forum, with an important announcement 
from a refocused and re-energized CA. We have developed a new vision for enterprise IT that I'd like to 
share with you now. 


For more than a generation, the enterprise has had abundant reason to believe in the promise of 
technology to transform business. Each new wave of innovation in IT has given business the opportunity 
to reach new levels of capability, efficiency and competitiveness. And yet, the addition of each 
specialized function, and the rapid pace of change, have also created daunting challenges of complexity 
and security. 


Now CA is addressing these challenges with a clear vision for the future. At its heart lies a compelling 
difference we call Enterprise IT Management (EITM): a new approach to managing technology in 
which CA software and expertise enable customers to unify and simplify complex IT environments 
across the enterprise. 


We believe that systems, processes and people should work in sync, securely supporting your strategic 
mission. We believe you can get more out of your current investments in IT. We believe you should have 
the control you want to fully align existing IT capabilities with your business priorities. 


At CA World this week, our vision becomes real. We are launching a new set of software solutions that 
allow you to begin this journey to EITM, a higher order of IT, whether you work directly with CA or 
through our partners. 


To make it possible, we rely on our most important asset: the more than 15,000 CA employees 
worldwide whose expertise and commitment help drive performance for over 95 percent of the 
Global 1000™ companies. 


This is an exciting time for CA. Under my senior leadership team, we've implemented new business 
systems, installed rigorous financial controls and realigned our business units, building a strong 
foundation for innovation and growth. 


Starting today you will hear our new voice in the marketplace, describing how CA technology answers 
your needs and challenges. You will see that Computer Associates is moving forward simply as CA, the 
name familiar to our valued customers and partners. We have unified and simplified the CA logo as well, 
symbolizing our integrated approach. 


| am confident that together, CA and our partners can help you unify and simplify your IT environment 
in a secure way to achieve your business goals. 


Turn the page with me to start experiencing the new CA. 


Regards, 


WjOu~—. 


John Swainson 
President and CEO 


ca) 


Computer Associates* 





REMEMBER WHEN TECHNOLOGY 
HAD THE POWER TO INSPIRE YOU? 





BELIEVE AGAIN. 


Once, technology transformed business in a way that made us believe its potential was boundless. But over time, the 


promise of IT was challenged by sheer complexity. Today there’s reason to believe again. CA introduces an approach 
to managing technology called Enterprise IT Management (EITM). With the range of software and expertise to unify 
systems, processes and people across the enterprise. Simplify the complex. And enable IT to deliver fully and 
securely against your business goals. With CA software solutions, you can reach a higher order of IT. At your own 


pace, on your own path, with your existing technology and partners. To learn more about E!TM, and how CA's new 


LO 


solutions can help you unify and simplify your IT environment in a secure way, visit ca.com/unify. 





where information lives 


Fr: wrestling with backup issues 


To: cooking with gas 
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“NOBODY ELSE OFFERED A SOLUTION THAT ALLOWED US TO LEVERAGE tt 
WHAT WE INVEST TODAY TOWARD OUR FUTURE NEEDS.” 


Bob Travatello 
ClO, Blue Rhino 


Blue Rhino is ‘a midsize company that had a king-sized problem. As the #1 brand in propane tank 
exchange, their information storage needs were growing at 100 percent a year. But their IT budget wasn’t. 
They chose an EMC solution that gave them less downtime, faster backups, and quicker recovery times. 
The entire package, hardware and software, delivered a high degree of flexibility at an affordable price 


EMC ‘ 2 ; 
and allowed them to keep their focus on their customers. Talk to your EMC Velocity’ Partner to learn more 
about EMC solutions that start simple and stay simple. 

VELOCITY 

eh si 


prockaM + Read the Blue Rhino profile at www.EMC.com/BlueRhino, or call 866-796-6369 to learn more. 
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Continued from page 32 

Southwest did some quick research looking for a 
product that could monitor and audit its 85 Micro- 
soft SQL Servers and came up with the Information 
Risk Management Platform. The IPLocks tool, which 
scans the database log files, enabled Southwest’s 
administrators to keep an eye on the databases 
without having to constantly do manual queries on 
specific types of activities or go through unfiltered 
log files. 

The system did require significant tweaking dur- 
ing the first couple of weeks, when it began generat- 
ing hundreds of alerts, says Akinja Richards, project 
manager and database administrator at Southwest. 

“Tt took a few weeks to get it all running smooth- 
ly,” he says, noting that the key to getting a monitor- 
ing tool running efficiently is to first understand 
what all of your applications do. “If I have no idea 
what the HR people do or what applications they use 
and reports they run, then I’m going to either protect 
too much or too little,” Richards says. 

“You have to understand your applications and 
your business environment in order to use some- 
thing like this effectively,” he says. » 


Hildreth is a freelance writer in Waltham, Mass. 
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making storage simple 


NOW STORAGE RELIEF COMES IN 


AFFORDABLE, SCALABLE PACKAGES 
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The Trouble With Triggers 


Database triggers are often used to alert an administrator to changes to data. However, this built-in database feature has limitations 
when it comes to auditing databases. Some of the probiems with triggers include: 


O Performance impact 
The more triggers, and the more transaction volume, the 
slower the overall performance of the database. 


O Storage consumption 
Triggers write to local tables, using up storage space on the 
production database server. This also slows performance. 


O Complexity 
Adding more triggers increases the complexity, thereby in- 
creasing the likelihood of bugs and errors in logic. 


O Maintenance 
Triggers are tightly coupled to the structure of a table, so when 
the table schema changes, the code must be rewritten. 


O Partial protection 

Triggers capture changes to data, such as updates and dele- 
tions. But they don’t capture changes to schema and object 
permissions — both critical items to audit. 


O Reliability 
Triggers are easily disabled, so that an audit trail wouldn't 
record fraudulent changes to data. 


O Slower consolidation 

Triggers are written for one database server. But if you're 
auditing several at a time, it’s very difficult to consolidate all of 
the audit trails into one. 
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avision we think is very exciting,” Waibel 
i said as he demonstrated the prototype of the 
' translator. Launched in 2004, InterACT is a 
* multimillion-dollar joint effort between the 
’ schools to develop advanced communication 
* technologies. 
*  Waibel said that in the future, electrodes 
, could be implanted into the mouth and throat 
, ofaperson who wanted to become multilin- 


Instant 
Translation 


SCIENTISTS AT Carnegie Mellon University 
and the University of Karlsruhe in Germany 
have unveiled technology that makes it pos- 
sible to speak one language yet be understood 
in another. » Qual. He also exhibited “translation goggles” 
Atavideoconferenced demonstration last +, — souped-up eyeglasses that displayed his 
month, Carnegie Mellon computer science ; words on a miniature virtual screen seen only 
graduate student Stan Jou stood before 1 bythe wearer. Waibel’s speech was translated 
an audience with 11 tiny from spoken English into Span- 
electrodes affixed to the ish text. 
muscles of his cheeks, neck Waibel also demonstrated 
and throat. The Taiwan na- an array of small ultrasound 
tive then mouthed — without speakers that delivered a nar- 
speaking aloud - the fol- row beam of sound in a foreign 
lowing phrase in Mandarin language to one person while 
Chinese: “Let me introduce others nearby heard the same 
our new prototype.” words in the language in which 
The sensors captured they were spoken. Developed 
electrical signals from in partnership with German car 
Jou's facial muscles as they manufacturer DaimlerChrysler 
moved to form the silent AG, this technology could be 
Chinese words. In a matter used to translate speeches in 
of seconds, the information several languages simultane- 
traveled to a computer that ously for an international audi- 
recognized the words and translated them ence, such as at the United Nations. 
into English and Spanish. The phrase was To make it possible to translate spontane- 
then displayed on a screen and spoken bythe ! ous speech about unlimited potential subjects, 
computer in both languages. Waibel said his team developed statistical 
The translation system is probablyadecade ‘ methods that allow the computer to learn from 


lle | 


A STROLL THROUGH THE TECHNOLOGY LANDSCAPE 


UCSB Takes Step Toward Spin Processing 


RESEARCHERS AT the University of California, 
Santa Barbara have potentially opened up a new | 
avenue toward room-temperature quantum informa- 
tion processing. By demonstrating the ability to image 
and control single isolated electron spins in a diamond, 
they unexpectedly discovered s 
anew channel for transferring 
information to other surrounding 
spins — an initial step toward 
spin-based information proc- 
essing 

Quantum information 
processing uses aspects of 


dents Ryan Epstein and Felix Mendoza and their 
adviser, physics professor David Awschalom, were 
interested in the long-lived electronic spins of so- 
called nitrogen-vacancy impurities in the diamond 
| crystal - defects that consist only of two atomic 
sites. So about two years ago, they 
embarked on developing a sensitive 
room-temperature microscope that 
would allow them to study individual | 
defects through the light they emit. 
This microscope, with its unique 
precision in the control of the mag- 
netic field alignment, has allowed 


eT Ue tees ulate) 
researcher Stan Jou’s face 
eR Ue Lee 


SOURCE: CARNEGIE MELLON UNIVERSITY 


the Internet. Rather than producing a word-by- 
word translation, the system builds phrases, 


potential to bridge the language divide between 


quantum mechanics as the basis for a new generation 
of computing and secure communication. The spin 
of a particle is quantum mechanical in nature and is 
considered a viable candidate for implementing such 
technologies. 

A team of researchers, including graduate stu- 


them to not only detect individual nitrogen-vacancy 
defects, but also small numbers of previously in- 
visible “dark” spins from nitrogen defects in their 
vicinity. These spins are described as dark because 
they can't be directly detected by light emission, but 
it appears that they may prove extremely useful. 





countries and cultures, says Carnegie Melion 
computer science professor Alex Waibel, who 
directs the International Cenier for Advanced 


Communication Technologies, or InterACT. 


“This is a bit science fiction, but it’s clearly 
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Alan M. Turing 


smoothing out some of the quirks of sentence 
structure among languages. 


1 Page compiled by Tommy Peterson. 
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Million-Atom Biology Simulation Could Improve Drug Development 


RESEARCHERS AT Los Alamos National Labora- 
tory have set a new world’s record by performing 
the first million-atom computer simulation in 
biology. Using the “Q Machine” supercomputer, 
Los Alamos computer scientists have created a 
molecular simulation of the cell's protein-making 
structure, the ribosome. The project, simulating 
rn: 2.64 million atoms 
= ra in motion, is more 
Ya os than six times 
ae larger than any bio- 
e : logical simulation 
A) . performed to date. 
Fens The ribosome 
~~ 4 is the ancient 


PT cme kee molecular fac- 
rua tory responsible 
TOR eeu ees 
center, moving through an for synthesiz Ing 
evolutionarily ancient corridor MOGI kO 
a anisms. Using the 


Pree ROR) 
reaction core by the transfer MMUMAC MUL Rey 
Bi Oe Alamos team led 
rE by Kevin Sanbon- 
matsu was the first 
to observe the entire ribosome in motion in atomic 
detail. This first simulation of the ribosome offers a 
new method for identifying potential antibiotic tar- 
gets for diseases such as anthrax. Until now, only 
static snapshots of the structure of the ribosome 
have been available. 

“Designing drugs based on only static structures 
of the ribosome might be akin to intercepting a mis- 
sile knowing only the launch location and the target 
location with no radar information. Our simulations 
enable us to map out the path of the missile’s tra- 
jectory,” Sanbonmatsu said. 

Sanbonmatsu's study focuses on decoding, the 
essential phase during protein synthesis within 
the cell wherein information transfers from RNA to 





GOING MOBILE 


Projected percentage of total PC purchases that 
mobile devices like laptops or tablets will account for 
__ over the next 12 months: 
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protein, completing the information flow specified | tothe ‘CPU’ of the cell,” Sanbonmatsu said. Sanbonmatsu developed the simulation with Chang- 
by Francis Crick in 1958. “The ribosomes, infact, | The multimiliion-atom simulation was run on Shung Tung of Los Alamos, as well as Simpson 
ananoscale computer andis very much analogous | 768 of the Q Machine's 8,192 available processors. Joseph of the University of California, San Diego. ® 
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Business Objects’ BI 
Tool Set for Preview 
= Business Objects SA last week 
announced a preview release 

of its Crystal Reports tool for 
Eclipse. The tool will allow de- 
velopers to create new business 
intelligence reports or use exist- 
ing Crystal Reports documents 
and integrate them directly 

into applications. Developers 
can customize reports without 
leaving the Eclipse develop- 
ment environment, according 

to Business Objects. In addition, 
Business Objects is providing a 
development and test license of 
the embedded reporting engine 
that lets developers build report- 
viewing capabilities directly 
within client/server and Web ap- 
plications. The preview release 
and the test license of the em- 
bedded reporting engine will be 
available before the end of 2005. 
General availability is expected 
in the second half of 2006. Pric- 
ing was not available. 


Oracle Integrates 
Supply Chain Suite 


® Oracle Corp. last month an- 
nounced that it is integrating the 
Strategic Network Optimization 
and Production Scheduling 
products from the PeopleSoft 
Supply Chain Planning suite 

into its own E-Business Suite 11i 
Advanced Planning and Schedul- 
ing application. According to the 
company, the new integrated of- 
fering is meant to improve supply 
chain efficiency and cut risk. It 
will ship next year; pricing was 
not available. 


New IBM Software 
To Track Blogs 


= IBM has released software that 
allows enterprises to track blogs, 
newsgroups and other informa- 
tion sites. The Public Image 
Monitoring Solution is built on 
IBM’s Unstructured Information 
Management Architecture, a 
framework for building applica- 
tions that can analyze unstruc- 
tured data. Pricing is based on 
configuration usage but begins 
at around $250,000 for enter- 
prise use. 
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Managing Data 
At RAM Speed 


WO of IT’s most consistent mandates 

are lower costs and more speed. To meet 

this demand for cheap speed, standard 

disk-based database management systems 

need help. Increasingly, this help is com- 
ing in the form of memory-centric data management 


technology. 


Conventional DBMSs are designed to get data on and 
off of disks as safely, quickly and flexibly as possible. 
Much of their optimization is focused on one key bottle- 
neck — the length of time it takes to find a random byte 


of data on disk, which is 

1 million times as long as 

it might take to find the 
same byte in RAM. But the 
optimizations and access 
methods designed to ad- 
dress this bottleneck don’t 
work so well once the data 
is safely in main memory. 
Memory-centric data 
management tools, using 
access methods that would 
be ridiculous in a disk- 
centric setup, can perform 
vastly better. 

If you want to query a 
used-book database more than 1 mil- 
lion times per minute, that’s hard to 
do in a standard relational DBMS. But 
Progress Software’s ObjectStore gets 
it done for Amazon.com. If you want 
to recalculate a set of OLAP cubes in 
real time, don’t look to a disk-based 
system of any kind. But Applix’s TM1 
can do just that. And if you want to 
stick DBMS instances on 99 nodes of 
a telecommunications network, all 
persisting data to a 100th node, a disk- 
centric system isn’t your best choice 
— but Solid Information Technology 
has a product that works just fine. At 
their core, each of those products re- 
lies on the same technical approach: 
vast amounts of pointer traversal. Ac- 
cess that random is pretty impractical 
on disk, where it can take over a milli- 
second to get from one point to the 


CURT A. MONASH is a 
consultant in Acton, Mass. 
You can reach him at 
curtmonash@monash.com. 





next. But it works great in 
100- to 1,000-MHz RAM. 
There’s actually a broad 
variety of memory-centric 
products, most of them spe- 
cialized for some particular 
kind of processing, whether 
OLAP or OLTP or event 
stream. They can be hard 
to find, being positioned as 
DBMS, quasi-DBMS, busi- 
ness intelligence features 
or some utterly new kind 
of middleware. They may 
come from top-tier software 
vendors or from the rawest 
of start-ups. But they are out there. 
While memory-centric analytic tech- 
nology has been around for a while, 
you may easily have missed it. It’s been 
held back by the addressability limits 
of 32-bit processors and even more by 
the scalability limits on most paral- 
lel hardware architectures. But that 
was before massively parallel (a.k.a. 
blade/grid) architectures made it prac- 
tical to link huge numbers of CPUs 
together. You want 1OOGB of RAM on 
your server? No problem. One terabyte 
is achievable too, if you can afford that 
much silicon. And it’s just going to 
get easier, as the amount of RAM per 
board keeps doubling, based on the in- 
creasing performance of 64-bit chips. 
Perhaps the simplest memory- 
centric approach to analytic data man- 
agement is used in SAP’s superfast BI 


Accelerator (nee HPA, nee Euclid). Ba- 
| sically, it takes an InfoCube (a prebuilt 
SAP star-schema warehouse), sucks 
it into RAM with suitable sparsity 
compression and executes all analytic 
queries as full-table scans. Compet- 
ing with that is tough when you're 
bound by disk access speeds. The 
most unique approach is probably that 
of Applix’s TM1, a memory-centric 
MOLAP tool that allows fully flex- 
ible evaluation rules without on-disk 
precalculation (and hence without 
the resulting data explosion). Thus, 
it simultaneously offers most of the 
benefits of analytic DBMS and most of 
the benefits of ordinary spreadsheets, 
and it deserves to be the basis of most 
planning applications unless and until 
something better comes along. 

Memory-centric OLTP, not as depen- 
dent on total RAM available, has prob- 
ably made more of a market impact to 
date, although mainly in a few niches. 
ObjectStore provides object-oriented 
memory-centric solutions for some 
of the most demanding OLTP apps 
in the world — not just the Amazon 
bookstore, but some airline reserva- 
tions and scheduling systems as well. 
Products from Progress Software, 
TimesTen and start-up StreamBase 
Systems are used for highly real-time 
financial trading systems. TimesTen 
and Solid Informatien Technology 
support real-time management of bill- 
ing and other functions on huge tele- 
communications networks. 

I suspect that the “niche” label is 
about to come off. Oracle acquired 
TimesTen, and it probably didn’t do so 
just for a few particular apps. Did you 
buy a lot of Real Application Clusters 
recently? Well, the sequel is a generic 
caching-performance story, and it’s 
coming soon from an Oracle salesman 
near you. 

For backup detail to this column, 
please see the DBMS2 blog at www. 
dbms2.com. » 
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Sites for Sore Eyes 


Jeffrey Tarter of the Association of 
Support Professionals tells Comput- 
erworld what makes the best Web 
sites great. PAGE 48 
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DOES CORPORATE BLOGGING 
CHANGE THE 
LANDSCAPE? By John P. Hutchins 


LEGAL 


USINESS LAWYERS have a 

standard line to warn clients 

about undisciplined employee 

conversation about a pending 
lawsuit: “Avoid all water-cooler chat- 
ter.” Oh, how the Internet has changed 
things. First, e-mail changed the speed 
and synchronicity of com- 
munications. And now, 
many companies allow em- 
ployees to express opinions 
on just about any subject through 
corporate blogging. 

Corporate decision-makers who 
wonder whether blogs present new 
legal challenges should know that 
there are a number of points to think 


through. And there are some differ- 
ences, legally speaking, between inter- 
nal and external blogs. Here’s a look at 
some of the issues. 


Inside the Company 
Internal blogs — those that aren’t pub- 
lished to anyone outside the 


company — are just another 


HT ecu: form of internal electronic 


communication. As such, 
they present issues similar to those sur- 
rounding e-mail and instant messaging. 
One of the most important concerns 
blogging raises is that, like message 
boards, it presents the opportunity for 
anonymous communication. 





It’s probably a good idea not to allow 
truly anonymous use of an internal 
blog. (IT professionals can configure 
internal blogs so that all users can be 
identified, at least by the company.) 
Anonymous speech has certain advan- 
tages for would-be whistle-blowers, but 


| there are other ways to report things 


anonymously without resorting to 
blogs. As a general matter, the potential 
for anonymous speech creates an at- 
mosphere that can encourage irrespon- 
sible behavior, such as harassment, 
defamation and gossip. Except where 
there’s a clearly identifiable benefit, 
anonymous speech in the workplace 
should be avoided. 





The only legal action that most 
companies need to take with respect to 
internal blogging is to review their ex- 
isting electronic communications and 
document-retention policies to ensure 
that they are broad enough to cover 
blogging. 

As a matter of good business prac- 
tice, it’s wise to review these policies 
about once a year, whether you permit 
blogging or not. But it’s especially 
worth noting that any such policy is 
only as good as a company’s willing- 
ness to consistently enforce it. Policies 
that are published but not enforced can 
cause more harm than good. 

For example, if a company enforces 
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the policy by taking adverse action 
against one employee but not another, 
it can create problems if the employee 
against whom adverse action is taken is 
in a “protected class” under federal em- 
ployment laws. Delta Air Lines Inc. is 
facing that very allegation in a suit re- 
cently filed by a former flight attendant 
who blogged. This is just one example 
of the potential problems that can arise 
through inconsistent enforcement. 
Consistent enforcement of internal 
policies should always be a priority. 


Beyond Company Walls 

External company-sponsored blogs 
offer many potential advantages. But 
rather than jumping on the unrestricted- 
blogging bandwagon, it might be a 
better legal strategy to exercise tight 
control over external blogs. 

Most legal problems that might arise 
from external blogs are similar to those 
associated with other forms of external 
communication by or about a company 
or its employees. Legally speaking, the 
type of electronic communication that 
is most analogous to external blogging 
is the Internet message board. Uncon- 
trolled bloggers may engage in the type 
of conduct that occurs frequently on pub- 
lic message boards, such as the following: 

® Making statements about financial 
performance aimed at impacting share 
price, including posing as a company 
insider or, in rare cases, actually shar- 
ing inside information. 

® Discussing sensitive corporate per- 
sonnel issues. 

®@ Defaming the company, its man- 
agement or others. 

® Disclosing competitively sensitive 
business information, such as trade 
secrets. 

Generally, companies try to deter 
these problems among employees by 
enforcing standards of conduct con- 
tained in electronic communications 
policies, codes of ethics or contractual 
agreements with individual employees. 

Some companies, like Sun Micro- 
systems Inc., choose to rely on policy 
alone and simply trust their employees 
to use good judgment. But employees 
don’t always use good judgment, of 
course, and bad judgment is usually 
what gets companies sued. 

Sun’s policy acknowledges that it is 
“accepting higher risks in the interest 
of higher rewards.” If you’re not par- 
ticularly interested in higher risks, you 
might consider allowing only a small 


group of people to post to the corporate | 


blog. Only readers who might use the 

“comments” feature to respond to blogs 

would then constitute a real threat. 
Thus, the issues of whether to allow 
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Why Blog? 


Expertise 
To position yourself and your company as the 
thought leader in your market. 
Customer Relations 
To develop a more personal relationship with your customers 

and to gain feedback and insights. 

Media Relations 
To become a site the media checks instead of just being 

a source of press releases. 


‘Collaboration 
To create an informal workspace to keep project teams updated. 


Knowledge Management 
To enable employees to find information and resources for 
on-the-job learning. 
Recruitment 


To be seen as an attractive employer hecause you're 
regarded as a thought leader. 


Testing 
To publish an idea or preview a product to see if it generates interest. 


Search Engine Boost 
To raise your visibility. Search engines reward sites that are updated 
often, link to other sites and have many inbound links. 


OURCE WWW.CORPORATEBLOGGING.INF(C 
comments at all, and if so, whether to 
screen comments prior to their post- 
ing on a company-sponsored blog, are 
of paramount importance. There are 
potential business advantages to the 
comment feature. But there are also 
hazards to be considered. 

The fundamental issue to under- 
stand is anonymity. As with message 
boards, it’s possible for employees (as 
well as nonemployees) to communicate 
on external blogs in almost complete 
anonymity. Courts are very deferential 
to the right to engage in anonymous 
Internet speech. Even where a blogger 
may have behaved badly, getting access 
to his identity is tough. 

A company harmed by a posted com- 
ment would need to file a “John Doe” 
lawsuit against the anonymous blog- 
ger. And even then, most courts would 
allow the blogger to defend the suit 
anonymously until the company made 
a convincing argument that its claim 
had merit, justifying disclosure of the 
blogger’s identity. Courts have taken 
that stance in many cases related to 
message-board postings, and in 
October, the Delaware Supreme Court 
issued the first published opinion on 
the rights of an anonymous blogger, 





reaching a similar conclusion. 

The freedom that comes from Inter- 
net anonymity often breeds irresponsi- 
ble behavior. Blogs are no exception. In 
fact, two negative behaviors that have 
been affecting the Internet for a decade 
are making the comment feature of 
blogs especially difficult to manage. 
One such behavior is spam. 


Bad Blogging Behavior 

Since the passage of the CAN-SPAM 
Act, the Federal Trade Commission 
has been successfully bringing actions 
against commercial e-mail spammers 
and, to some degree, curtailing their 
activity. As a result, commercial spam- 


mers have started a new Internet trend: 


using the comment feature on popular 
blogs to send unwanted commercial 
solicitations to large numbers of blog 
users. This practice isn’t currently cov- 
ered by the CAN-SPAM Act. 

Another negative behavior is In- 
ternet defamation. By allowing com- 
ments, a company might unwittingly 
become a secondary publisher of de- 
famatory statements. If a company 
makes a blog available for unrestricted 
posting of comments, a blogger’s de- 
famatory statement about some third 


| 
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party may be imputed to the company 
sponsoring the blog, even if the com- 
ment is quickly deleted. 

Unlike Internet service providers, 
which enjoy immunity for their mes- 
sage boards under the Communica- 
tions Decency Act, a company spon- 
soring an unrestricted external blog 
would likely be considered a “publish- 
er” of any statement proven to be de- 
famatory and, thus, potentially liable. 

A screening process for comments 
is worth considering, but it raises both 
legal and nonlegal issues. 

From a nonlegal perspective, blogs 
are increasingly popular because they 
encourage unfettered speech. Some 
argue that screening reduces the 
authenticity of a blog. This is a busi- 
ness decision, but it should be noted 
that constraining potentially harmful 
speech is a normal aspect of virtually 
every other form of communication. 

From a legal perspective, screening 
comments may give rise to a duty to 
protect bloggers from harmful speech, 
imposing potential liability on the 
screener where none might otherwise 
exist. Therefore, if a company decided 
to initiate a screening process in con- 
nection with a company-sponsored 
external blog, it would be a good idea 
to publish a notice attempting to limit 
its liability in connection with the blog. 
Such a notice may not be fail-safe, but 
including it is a better option than not 
including it. 

One other issue to consider is wheth- 
er the company blog should invoke the 
protections afforded by the Digital Mil- 
lennium Copyright Act. The DMCA 
generally protects a secondary publish- 
er of copyrighted works from claims of 
“vicarious” or “contributory” copyright 
infringement, if the secondary pub- 
lisher follows the DMCA’s safe-harbor 
notice scheme. The actual terms and 
nuances of the DMCA notice rules are 
beyond the scope of this article, but it’s 
a good idea to embed these notices in 
any external blog. 

One thing about blogs is certain: 
Everyone has an opinion. The thing 
to remember is that blogging is just 
another form of corporate communica- 
tion, and communication has rewards 
as well as risks. Before you embark on 
a corporate blogging adventure, com- 
municate with your lawyers and get 
their opinion. They may even have a 
blog of their own. » 

John Hutchins is a partner in the Atlanta 
office of Troutman Sanders LLP, where 
he focuses on technology and intellectual 
property issues. Contact him at john. 
hutchins@troutmansanders.com. 
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“The Year’s Ten Best 
Web Support Sites 
~ 2005” is an in-depth 
look at the makings 
of a great customer sup- 
port site. Published by 
the Association of Sup- 
port Professionals (ASP), 
a research organization 
that deals with support 
and service issues, and 
reflecting the evaluations of more than 
50 judges, the report details what works 
and what doesn’t work in sites ranging 
from internal employee portals to ven- 
dor support Web sites. ASP Executive 
Director Jeffrey Tarter talked with Com- 
puterworld’s Kathleen Melymuka about 
what makes a great Web site. 


Just what is a Web support site? When we 
first got into this Web support issue, 
Web support sites on the vendor side 
were essentially online knowledge 
bases. Companies were taking their in- 
ternal Q&As and putting them on the 
Web. Pretty easy proposition. Then 
they turned into more like portals for 
all kinds of business process informa- 
tion. And on the vendor side, we start- 
ed to see training and consulting and 
license management and patches and 
anything a customer could possibly be 
interested in to support the product. 
On the IT side — this is relatively 
new — the sites are beginning to 
be more focused on all the business 
processes within the company. I was 
just doing a site evaluation for a very, 
very large government organization in 
Washington, and they have this fasci- 
nating site that covers everything from 
ordering airline tickets to expense 
accounts to training. It’s not related to 
software support but to supporting all 
of their employees. It’s very effective, 
and it’s getting traffic from their em- 
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ployees who would have been trained 
or supported individually in things 
like filling out an expense account and 
buying airline tickets. Now it’s all on 
the site. 


What would IT managers learn from looking 
at the top 10 report? I’d love to see them 
recognize the potential of moving sup- 
port away from bodies to Web pages. 
It’s not an easy transition. The po- 
tential is there, but lots of companies 
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tend to see it as a cost-deflection issue. 
That’s not really what it is. It’s about 
the best way to transfer information 
to people. It’s a huge philosophical 
question that gets into the issues of 
corporate culture, interaction with 
employees and customers. 


Let’s walk through the ASP’s criteria. You 
start with overall usability, design and navi- 
gation. What do the judges look for? The 
judges look for good, clean navigation 
and text, which turns out to be harder 
to achieve than it seems. We often see 
sites where the people developing the 
site were conned by developers into 
creating all kinds of dynamic pages. 
It’s the same old story: Developers 
promise no performance problems, but 
once it’s up, pages move like molasses. 

These sites also tend to expose silo 
problems in companies. I’ve seen this 
even with very big, sophisticated orga- 
nizations. Every little department has 
its own content and its own graphical 
standards and its own turf on the Web 
site. That’s awful for someone trying 
to navigate. 

I was evaluating a site recently 
where the incident-reporting form 
was different for software than for 
hardware because they were two 
different departments. If you had 
a hardware question, you went to a 
page that looked very different from 
where you'd go for a software ques- 
tion. We penalize people for that kind 
of confusion. 

For some companies, this is a really 
tough issue; for others, there’s enough 
centralized IT control that it’s not an 
issue. I guess the real issue is, do the 
site developers have the guts to fight 
this problem when they see it? Lots of 
times they don’t. 


Another category you evaluate is knowledge 
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and search implementation. What makes a 
good search function? The big issue is 
recognizing that people have differ- 
ent learning styles. Some want to look 
up a problem and have it solved with 
a tech note. Others may need some 
training, templates, cookbook solu- 
tions or consulting, and it’s tricky to 
bring all these things together. 

If you just use a problem/solution 
model, then that probably isn’t go- 
ing to satisfy a lot of people. At an 
accounting software company, for 
example, the problem might not be 
solved by a tech note because it might 
be that the user doesn’t understand 
double-entry bookkeeping. Or maybe 
he needs a template of a chart of ac- 
counts. Or maybe he needs a consul- 
tant to come in and set up the books. 
So if it’s just a problem/solution ap- 
proach, that isn’t going to work. 


Interactive features is another criterion. 
What do you want to see there? The same 
as you see anywhere else on the Web. 
It’s particularly important for support 
sites because problem solving tends 

to be more complex than ordering a 
product. Ordering a product is a linear 
process: Give the order and take the 
money. 

Problem solving tends to go off into 
more paths, some of which are dead 
ends, so you need some way for there 
to be a dialogue or exchange of infor- 
mation or a progressive disclosure 
of information. A tree structure for 
solving a problem can be very com- 
plicated. That’s why people in tech 
support have conversations: You need 
feedback. Once you start opening up 
the issue of feedback, this gets very 
threatening for classic command- 
and-control organizations. They don’t 
want people to say, “This is confus- 
ing” or “There’s a better solution than 
you're offering.” But that’s what you 
should want. Interactivity means let- 
ting employees and customers have a 
say in what you're doing. 

But interactivity is also good just as 
a way to keep people engaged, and it 
helps lock in relationships with people 
so they keep using the Web for more 
than just very rare problems. If they 
come only when they have a serious 
problem, they may not remember how 
to use the site or they many not have 
a lot of faith in it. But if they come 
to order airline tickets and answer 
expense account questions, they will 
probably take a more complex prob- 
lem to the Web, and that’s a real gain. 


The final item is personalization. How impor- 
Continued on page 51 
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Principles of a Great 
Support Site 


Shorten the path to useful content. 


Organize support resources around 
“product” silos, whether actual products 
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Build personal portals that let users 
create “my support” pages. 


Upgrade the search engine. 
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Standardize the look and taxonomy. 


Avoid dead ends: give an easy path 
backward to a new jumping-off point 


Continued from page 48 

tant is that in a Web support site, and how do 
the best companies implement it? It varies. 
On the vendor side, we don’t see much 
need for it with a small, single-product 
company. You can assume customers 
are pretty much alike. But as Web sites 
get more complex, it’s almost essential 
to customize. For IT sites, that’s gen- 
erally really important. There’s a big 
difference between the kind of infor- 
mation you give an executive versus a 
staff person. There’s also going to be 
big differences among departments 
and their responsibilities — sales peo- 
ple will want something different than 
accounting people. That’s where you 
want to personalize. 


Do you see many IT sites? We've had IT 
sites, but they tend to be behind the 
curve. Typically, IT organizations are 
five years behind the software compa- 
nies on seeing the potential for support 
sites, because they’re mostly focused 
on help desk issues, and corporate help 
desk deals with the simple stuff and 
immediately escalates anything dif- 
ficult. 

We got an entry the other day from a 
large utility company about providing 
electricity to customers. It answer a lot 
of questions, from billing to where not 
to dig [to avoid hitting a power line]. 

Some years ago, we were encour- 
aging entries from corporate help 
desks, and they were lousy sites. So we 
stopped promoting in that area. But 
one of our winners this year was an 
internal site: McKesson. It was a very 
strong entry, and now I’m seeing really 
excellent IT sites. 


What advice would you give to IT managers 
implementing or maintaining Web support 
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sites? I never give advice. But there is a 
need to bring users into the process as 
much as they can. It’s not always obvi- 
ous what a given site should do. And 
this is true even on the vendor side. 
Often, IT has a very narrow definition 
of tech support, when customers have 
a different set of priorities. It’s danger- 
ous to assume that the IT people know 
what should be on the site. Users also 
notice inconsistencies, political issues, 
usability issues. 

In some companies, old-timers 
know the jargon and shortcut ways of 
saying things, but those are incompre- 
hensible to new employees — and they 
are the people who need to learn this 
stuff. If they open up a business proc- 
ess explanation and see nothing but 
jargon and acronyms, they'll give it up. 
So it helps to get some feedback from 
people. 


What would you say are the major challenges 
Web support sites still face? My guess is 
the big issues over the next few years 
will have to do with the broad area of 
usability. I think we've established that 
the concept works. You don’t hear as 
many people saying, “No one will ever 
use a Web site for support, because 
they want to talk to live people.” That 
issue seems to have gone away. Now 
we actually have the opposite prob- 
lem of vendors and IT organizations 
throwing everything onto the Web site 
so you get these really complicated, 
hard-to-navigate sites, and that turns 
people off. 

We have to fine-tune navigation to 
make sure people don’t get lost. It’s 
not immediately obvious how huge 
some of these sites are, but it’s not un- 
usual for there to be 50,000 to 100,000 
documents, and not just the same kind: 
You've got documentation, training 
classes, articles, presentations, stories, 
patches, diagnostic tools — it goes on 
forever. 

For people doing multilanguage sup- 
port, it’s overwhelming because it’s a 
moving target. Every time someone 
solves a new problem, they have to get 
the information translated and updated 
on localized sites. And if you don’t do 
it fast, people in Japan realize that the 
only place for current information is 
the English-language site, and they 
stop using the Japanese site. 

If you really want scary: People don’t 
have all the same products in the same 
markets at the same time. The current 
product in Venezuela may not be the 
same as in Argentina. That’s scary. But 
talking about multinational corpora- 
tions — their own business processes 
have to be consistent or at least accom- 


| modate across the whole world. 


| business process has become incred- 
| ibly complicated. Somehow you have 
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to let people figure out the difference 
between Washington, D.C., and Ban- 
galore. So you see why the complexity 
is increasingly hard to manage. That’s 
the big challe: 
der your own success. 3 


Ordering an airline ticket seems 
trivial, but when you're a multinational 
organization, suddenly that simple 
2: not to suffocate un- 
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Storage: 
YOUNC 


EAN POWER, director 
of strategic technology 
at Berlitz International 
Inc. in Princeton, N_J., 


saw his data center grow | 


to the point where the 

majority of his IT work- 
ers were supporting storage and serv- 
ers instead of supporting employees in 
about 500 field offices. “We were hav- 
ing to build internal resources while 
not providing services to our custom- 
ers,” he says. “We were becoming [stor- 
age] specialists.” 

So in February, Berlitz shuttered the 
doors of its primary data center after 
engaging a service provider to run its 
infrastructure from a hosted site in 
Boston. 

While the move may have been seen 
as passé by some in the IT industry, 
harkening back to the dot-com era, 
analysts say there is a new and grow- 
ing demand for hosted services, espe- 
cially when it comes to storage. That’s 
because while storage systems are be- 
ing recognized as strategic, they’re also 
growing out of control. 

The change at Berlitz has boosted 
service while cutting costs. “We were 
barely covering U.S. operations and 
couldn’t cover global operations,” 
Power says of his IT staff of about 100 
workers. “Now we have a much higher 
level of service than we were ever 
willing to pay for, at a slightly lower 
cost.” 

Berlitz, which franchises more than 
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500 language learning centers in 60 
countries, has completed most of a 
change from an in-house storage-area 
network to a service hosted by Veri- 
Center Inc. in Houston. The move to 
a service provider saved Berlitz about 
10% in total operating costs, but more 
important, it kept Power from having 
to open as many as three new data cen- 
ters to serve growing offices in Europe 
and Asia. Power was also able to rede- 
ploy his IT staff. 

Now, he says, VeriCenter has be- 
come crucial to the business, stor- 
ing key data such as Social Security 
numbers, course materials, grades and 
financial information. “We entrust the 
lifeblood of our business to VeriCen- 
ter,” Power says. 


What’s Different? 


Back in the late 1990s, the majority of 
storage service providers (SSP) focused 
on delivering primary storage — or 
storage that acts as the external disk 
drives to mission-critical transactional 
databases — as an outsourced service. 
One of the proponents of that so-called 
utility storage model was Waltham, 
Mass.-based Storage Networks Inc., 
which spent hundreds of millions of 
dollars on the highest-end storage ar- 
rays for its data centers. 

But while the company was able to 
woo some Fortune 100 customers to 
store referential data, such as e-mail 
and files, at off-site facilities, clients 

Continued on page 56 
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Continued from page 54 
weren't willing to hand over primary, 
mission-critical data to a third-party 
service provider, according to Dave 
Russell, an analyst at Gartner Inc. in 
Stamford, Conn. 

In 2002, with sales dropping, Storage 
Networks, like other pure-play SSPs, 
tried adding storage management soft- 
ware to its portfolio of products and 
services, but that move couldn’t save 
it from being forced to shut down in 
2003. Other SSPs, such as Storability 
Software in Southboro, Mass., success- 


fully made the leap from hosted service | 


provider to storage management soft- 
ware vendor. 

For pure-play SSPs, Russell says, 
the problem was simply a lack of trust. 
While the economics existed to sup- 
port the SSP model five years ago, 
companies ultimately weren’t willing 
to allow primary data systems to reside 
outside their four walls or mission- 
critical data to be stored on the same 
box or the one next to that of a poten- 
tial competitor. 

Still, Storage Networks’ erstwhile 
motto, “Delivering the future of data 
storage,” may not have been wrong but 
simply ill-timed. 

Five years ago, when SSPs were at 
their peak, they were appealing to 
start-up dot-com and Internet compa- 
nies that had limited infrastructures 
and very little cash to invest but need- 
ed to get up and running quickly, ac- 
cording to Doug Chandler, an analyst 
at market research company IDC in 
Framingham, Mass. 

While Chandler says he believes that 
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the future of SSPs is murky, over time 
more companies will likely become 
comfortable with the model of hosted 
storage because they’re recognizing 
that storage is much more of a strategic 
need than it used to be. And in many 
cases, companies are adding capacity 
so rapidly that it outstrips their ability 
to manage it internally. 

The result is that many companies 
are looking for help at the strategic 
level, with challenges such as storage 
architecture and planning, as well as at 
the tactical level, with tasks like data 
backup. 

Pure-play hosted storage providers 
such as VeriCenter are emerging again, 
but they’re offering a mix of services, 
from monitoring storage systems to 
archiving e-mail and backing up and 
restoring file systems. 


Various Flavors 

Over the past two years, major vendors 
such as IBM, Hewlett-Packard Co. and 
Iron Mountain Inc. have introduced 
online storage backup services tar- 
geted more at disaster recovery and 
business continuity. The vendors are 
able to draw on their vast number of 
regional data centers to host storage for 
those purposes. 

The services, much like SunGard 
Data Systems Inc.’s Availability Servic- 
es, are also being offered by telecom- 
munications companies such as AT&T 
Corp. and Nippon Telegraph and Tele- 
phone Corp. 

There are also more than a dozen 
smaller vendors offering online backup 
and recovery, including continuous 
data protection products that can take 
snapshots of data every time it changes 
and back that up across the Internet. 
LiveVault Corp., Asigra Inc., Scale 
Eight Inc., EVault Inc., IPR Interna- 
tional LLC and AmeriVault Corp. are 
all part of that niche. 

Many SSPs today don’t even own 
their own data centers but instead lease 
space from public data centers or tele- 
communications providers with room 
to spare. 

Incentra Solutions Inc.’s Managed- 
Storage International division in 
Broomfield, Colo., for example, doesn’t 
even lease its own data center space. 
Instead, it buys the hardware and soft- 
ware, hires the support staff and then 
wholesales the service to partners, 
which in turn rebrand it and sell it as 
a product. 

Incentra says it performs 190,000 
backup jobs a month and stores 1.4 peta- 
bytes of customer data. 

“We track storage provisioning, 
perform reporting and billing, and 





monitor [service-level agreement] per- 
formance,” says Tom Sweeney, CEO 
of Incentra, which was spun off from 
Storage Technology Corp. in 2000. 

Incentra’s all-inclusive service offer- 
ing, which includes management and 
monitoring of customer data, as well 
as storage and backup services, costs 
from $5,000 to $200,000 a month, 
depending on the amount of data being 
maintained. 

Carlos Santana is senior manager for 
IT at MMM Healthcare Inc., a small 
health maintenance organization in 
Puerto Rico with about 90,000 mem- 
bers. He has been using AmeriVault for 
three years to back up his company’s 
file servers, e-mail and Oracle and 
SQL production databases. This helps 
his company comply with the Health 
Insurance Portability and Account- 
ability Act’s requirement for redundant 
off-site copies of data and for disaster 
recovery purposes. 

“Its expensive in terms of recurring 
cost, but it’s worth it. If you take into 
consideration the amount of money 
you have to invest to do it yourself, it 
kind of evens out. But it’s not cheap. 
It’s a couple thousand dollars a month,” 
says Santana, whose 3TB of data is 
backed up to Waltham, Mass.-based 
AmeriVault’s data center. 


Focus on Security 

Santana says he chose an outsourced 
service because of the capital costs 
involved in building out an internal 
architecture to support his company’s 
fast-growing storage needs. “We also 
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don’t have a lot of time to get into that 
business,” he says. 

Still, Santana says he wasn’t per- 
suaded to use the third-party backup 
provider until the vendor proved its 
ability to encrypt his data and keep it 
that way until MMM Healthcare want- 
ed it back. “They have the highest level 
of security. They don’t even know the 
password to decrypt the data,” he says. 
“They know how much data I have, but 
[they] can’t see it.” 

AmeriVault says it has more than 
500 customers and 2,000 virtual pri- 
vate network connections as well as 
eight data centers around the U.S. 
where it hosts storage and other IT 
services. It says business has grown at 
least 25% each year since it opened six 
years ago. 

Another online backup provider, 
LiveVault in Marlboro, Mass., claims 
that its revenue grew the equivalent of 
226% year over year for the third quar- 
ter of 2004. Spokesman Jim McManus 
says the amount of new data the com- 
pany took on during the past quarter 
alone exceeded what it projected for 
the first two years it offered the ser- 
vice. LiveVault claims to manage more 
than 1 petabyte of data. 

But despite the apparent growth in 
the popularity of SSPs, switching to a 
service provider doesn’t always make 
an IT manager’s life easier. Managing a 
service provider relationship “does not 
always reduce the amount of work one 
has,” says Berlitz’s Power. “There’s still 
effort to coordinate those services, and 
it’s not insubstantial.” » 


A Storage Sampler 


Tate Ceyg 


Services Offered 





Congratulations 
Award Recipients! 


COMPUTERWORLD 
BUSINESS INTELLIGENCE PERSPECTIVES 


Computerworld’s Business Intelligence Perspectives proudly announces 
the results of the second “Best Practices in Business Intelligence” Awards & 


Program. This program honors IT user “best practice” case studies selected 


from a field of qualified finalists. Best Practices 
Award Recipients in each of the following categories were recognized during an IN BUSINESS INTELLIGENCE 


awards ceremony at Business Intelligence Perspectives in Scottsdale, Arizona, AWARDS PROGRAM 
on September 28th: 


AWARDS PROGRAM EXCLUSIVELY SPONSORED BY 


Creating a BI Vision and Strategies for Improved ROI OR A CLE 
¢ Bacardi U.S.A. Inc., Miami, Florida 
¢ Hospital Corporation of America (HCA, Inc.), Nashville, Tennessee 
Honorable Mentions: Auto Warehousing Company, Tacoma, Washington 
PREMIER Bankcard, Inc., Sioux Falls, South Dakota 
Shangai Stock Exchange, Shanghai, China 


Data Visualization, Prediction and Presentation by Leveraging Customized Solutions 
¢ APEX Management Group, Princeton, New Jersey 
¢ JPMorgan Chase, New York, New York 


Honorable Mentions: Calpine Corporation, Houston, Texas 
Eastman Chemical Company, Kingsport, Tennessee 
IBM, Southbury, Connecticut 


Information Retrieval and Reporting by Leveraging Off-the-Shelf Enterprise Software 
* Communications Electronics-Life Cycle Management Command Acquisition Center, Fort Monmouth, New Jersey 
¢ Intermountain Health Care, Salt Lake City, Utah 


Honorable Mentions: Briggs & Stratton, Wauwatosa, Wisconsin 
CHEP, Orlando, Florida 
County of Santa Clara, California, San Jose, California 


Managing and Enhancing BI Applications and Infrastructure 
¢ AT&T, Middletown, New Jersey 
¢ University of Minnesota, Minneapolis, Minnesota 
Honorable Mentions: IBM, Somers, New York 
NACCO Materials Handling Group (NMHG), Greenville, North Carolina 
United States Postal Service, Washington D.C. 


Planning, Designing and Building the BI Infrastructure 
¢ Amgen, Inc., Thousand Oaks, California 
* Export Development Canada (EDC), Ottawa, Canada 


Honorable Mentions: Commission Junction, Santa Barbara, California 
Nielsen Media Research, Oldsmar, Florida 
Pfizer Health Solutions, Inc., Santa Monica, California 


MARK YOUR CALENDAR The third annual Business Intelligence Perspectives Conference is September 25-27, 2006 at the JW Marriott Desert Springs Resort in Palm Desert, California. 
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Blue Shield of Calif. 


Appoints MacKinnon 
San Francisco-based Blue 
Shield of California has named 
ELINOR MacKINNON senior vice 
president and CIO. MacKinnon 
joined Blue Shield in 2004 as 
vice president of applications. 
Previously, she was interim ClO 
at Chiron Corp. and has worked 
in senior technology positions at 
Charles Schwab & Co. and SHL 
Systemhouse Inc. 


TravelClick Chooses 
Hinkel as New CIO 


TODD HINKEL has been named 
ClO at TravelClick Inc., a provider 
of hotel e-commerce systems 

in Schaumburg, Ill. Hinkel had 
been co-founder and president of 
Customer Evolutions Inc., a data 
integration services provider. 
Previously, he was vice president 
of customer management solu- 


tions at Tanning Technology Corp. 


Lines to Serve as 
CSO at TransUnion 


TransUnion LLC, a Chicago- 
based information provider, an- 
nounced that MICHAEL LINES 
has joined the company as chief 
security officer. He will report to 
CIO Len Lombardo. Previously, 
Lines was CSO at Fair Isaac 
Corp. and CIO at Narex Corp. 


Kerns to Head IT 
At BostonCoach 


BostonCoach, a Boston-based 
provider of ground transporta- 
tion services, announced that it 
has named THOMAS J. KEARNS 
ClO. Previously, Kearns was 
vice president of IT at Reebok 
International. 


Coggeshall Named 
CTO at ID Analytics 
ID Analytics Inc., an identity risk 
management company in San 
Diego, has appointed STEPHEN 
COGGESHALL chief technology 
officer. He has worked closely 
with the company since its in- 
ception in 2002. Prior to joining 
ID Analytics, Coggeshall was 

an executive director at Morgan 
Stanley. 
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MANAGEMENT 


BART PERKINS 


www.computerworld.com 


Penny Wise 
And Pound Foolish 


N RECENT YEARS, CIOs have been under intense pressure 
to reduce costs in any way possible. Most have focused 
their efforts on standardizing their infrastructures and re- 
ducing the number of vendors in their supplier portfolios. 
Standardization has decreased costs while providing im- 
proved flexibility and facilitating scalability. However, it has 
also resulted in significant software-industry consolidation 
over the past several years. In fact, according to a recent report 
by Saugatuck Technology, the Big Four (IBM’s software group, 


SAP, Oracle and Micro- 
soft) now account for 65% 
of worldwide software- 
industry revenues and 
more than 88% of that in- 
dustry’s profits. It’s time to 
step back and consider the 
long-term ramifications. 

Although standardiza- 
tion efforts have indeed 
enabled CIOs to meet 
their companies’ demands 
to reduce costs, many are 
worried about the undesir- 
able aspects of industry 
consolidation. 

Over time, all-purpose 
software packages tend 
to become bloated with 
features that many users 
don’t want or need. Indus- 
tries dominated by a few large compa- 
nies are typically neither innovative 
nor customer-focused. Moreover, with- 
out healthy competition, prices invari- 
ably increase while service declines. 

Many CIOs are acting to address 
these concerns, and so can you. Here’s 
what you can do: 

@ Keep sales competition alive. Although 
it makes sense to designate preferred 
vendors for certain products and ser- 
vices, you also need a mechanism to 
ensure that every vendor delivers the 
best mix of price and service. 

Effective techniques include audit- 
ing a vendor’s charges, benchmarking 
industry pricing and periodically in- 
viting other vendors to bid. Demon- 
strating that you are in contact with 
competitors helps keep the sales team 
highly motivated to provide good 


him at BartPerkins@ 
LeveragePartners.com. 





service. Simply using a 
competitor’s mug can send 
a subtle message. 

@ Migrate to open standards. 
Virtually all IT organiza- 
tions are designing their 
architectures around 
open standards. Admit- 
tedly, it may take years 
for established companies 
with large legacy technol- 
ogy bases to complete the 
actual migration to the 
desired architecture. But 
meanwhile, some major 
organizations, including 
the U.S. Navy, are taking 
proactive measures. They 
are encouraging their key 
vendors to also migrate 
their technology to open 
standards. In cases where no such 
standards exist, some of these organi- 
zations are working with their vendors 
to create the standards. 

Other organizations are standard- 
izing on browsers to enable a variety 
of hardware and software to use an 
application. 

® Look beyond the obvious suppliers. 
Take time to investigate multiple sup- 
plier options. For example, second- 
tier ERP packages can work well for 
smaller business units. On the desktop, 
StarOffice and OpenOffice read and 
write Microsoft Office files. 

In addition, look for new entrants 
selling software. According to India’s 
National Association of Software and 
Service Companies, software sales 
from Indian companies increased 30% 
last year to $3 billion. Currently, Tata 





| Group sells software packages for the 


banking, insurance, accounting, manu- 
facturing and health care industries. It 
stands to reason that other systems in- 
tegration firms (e.g., Syntel, Cognizant 
and Wipro) will also translate their 
application development expertise into 
industry-specific software packages. 

China’s prime minister recently 
visited India, where the two nations 
discussed working together to achieve 
world leadership in the IT industry. 
Down the road, expect to see many al- 
ternative products from these countries 
and other nontraditional providers. 

@ Pursue open-source options. The open- 
source movement is gaining support 
on multiple fronts. Some venture capi- 
talists believe that open-source-based 
companies will figure prominently in 
the future. For example, Matt Miller, 

a venture capitalist at WaldenVC, is 
interested in funding companies with 
open-source suites to automate prob- 
lem management, change control, 
network management and other inter- 
nal IT functions. 

State and local government agencies 
are also getting on the bandwagon. 
Kansas, Pennsylvania, Massachusetts, 
Utah and other states have formed the 
Government Open Code Collaborative. 
Its purpose is to share computer code 
developed for and by government enti- 
ties, at no cost. 

Consolidation in the U.S. and West- 
ern European software industries 
will continue, as Oracle’s acquisition 
of Siebel shows. As you plan your 
software purchases, consider the 
long-term implications. A high con- 
centration of revenues and profits in 
the Big Four will ultimately result in 
less innovation, less competition, big- 
ger packages and higher prices. So be 
careful about how much leverage you 
give the software giants. Consider 
your software alternatives now, or 
Monopoly will be more than just a 
board game. » 


WANT OUR OPINION? 


For more columns and links to our archives go to: 
www.computerworld.com/columns 








YOUR JOB IS TO KEEP SYSTEMS AND APPLICATIONS RUNNING. 
OUR MISSION IS TO KEEP PEOPLE AND INFORMATION CONNECTED. 
LET’S WORK TOGETHER. 


Continuous access to information no matter what. That’s 
Information Availability. It’s what your employees, suppliers and 
customers demand every minute of every day. But to deliver it 
flawlessly, you need a massive giobal infrastructure, redundant 
systems and diverse networks being monitored and supported 
by skilled technical experts at secure facilities. That’s exactly 
what SunGard provides. 


As a result, we can offer you a higher level of availability and 
Save your company, on average, 25% versus building the 
infrastructure yourself. Plus, it’s a vendor neutral solution that 
lets you control your data,applications and network while giving 
you the flexibility to adjust to the changing needs of your 
business. But best of all, it lets you spend more time solving 
business problems and less time solving technical problems. 


For years, companies around the world have turned to 
SunGard to restore their systems when something went 
wrong. So, it’s not surprising that they’re now turning to us 
to mitigate risk and make sure they never go down in the 
first place. 


You want your network and systems to always be up and 
running. We want the same thing. Let’s get together. To 
learn more, visit www.availabilitysungard.com or call 
1-800-468-7483. 


SUNGARD |\si:"=2°, 
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Aligning Customer Needs with an Optimal investment Strategy. 





1nt NEW 
GLOBAL VILLAGE. 


COURTESY: THE WORLD’S LARGEST, WHOLLY-OWNED, CONVERGED, GLOBAL IP NETWORK. 


“Based on the 2005 Yankee Group Global Network Strategies Survey, U.S.-based enterprise 
users of global data and IP services have ranked Global Crossing number one in service 
reliability and price — demonstrating Global Crossing’s price/performance capabilities, 


delivering the value which enterprises are seeking from a global service provider.” 


Paris Burstyn, Telecom Strategies North America, The Yankee Group 


Reserve your place at the absolute center of a new, instantly accessible world of frictionless commerce. A world 
we pioneered. Over a single IP connection, all your business applications can be seamlessly converged and totally 
secured over Global Crossing IP VPN, VoIP, iVideoconferencing™ services. Over a single IP connection, you are moments 
away from your offices, your sales staff, your partners and anywhere in the world managed by engineers and support staff who 
understand what customers need. And you can have this new, accessible world without changing a thing in the infrastructure 
you have in place now. Sound too perfect to be true? Ask the 40% of the FORTUNE 500° companies we're doing business with 


today. The new global village. It's time you moved in. For more detailed information, point your browser to globalcrossing.com. 


€ Global Crossing’ 


One planet. One network.” Infinite possibilities. 





KNOWLEDGE CENTER 
- OUTSOURCING 


Data Diligence Five Questions The New MSPs 

It takes a skilled lawyer For Your MSP Value-added resellers had better shift 
to skirt danger zones in a | And other tips for helping your to the MSP model of doing business or 
managed service provider company’s business users negoti- they may not be in business much lon- 
agreement. ate a contract. ger, says columnist Mark Hall. 














EDITOR’S NOTE 


N MID-2000, Gartner predicted that 
60% of the more than 700 applica- 
tion service providers then in exis- 
tence would fail by the end of 2002. 
The prediction was viewed as too 
eee - Be pessimistic at the time, but as it turned 
PROD. N out — after the dot-com crash — the 


reson failure rate was more like 90%. It was an 
10113 “almost absurd imbalance between supply 
and demand,” Gartner noted. 

So it’s no surprise that the surviving 
vendors (and new ones) don’t care much 
for the ASP moniker. That’s why the 
buzzword-makers have come up with 
new terms to replace ASP, like “software 
as a service,” on-demand software, host- 

ICHARDBOREE com ed applications and managed service 
provider. 

Some things have changed since the 
dot-com days: The reincarnated ASPs 
have taken on more roles and more 
customization than the traditional ASP 
model allowed. But some things haven't 
changed, like the reasons why busi 
nesses are intrigued by the ASP concept. 
Users are attracted to the promise of 
reducing costs, gaining access to an ap- 
plication much faster than they could via 
internal development, and freeing the IT 
staff to work on more strategic tasks. 

For these reasons, Gartner’s latest 
research shows that almost one-third 
of U.S. companies currently use an ASP 
and another 22% plan to do so in the 
next two years. 

Still, this is far from a mature market, 
so users need to tread carefully. Our spe- 
cial report will help you assess the pros 
and cons, watch for legal land mines and 
grill the ASP salesman who’s knocking 
on your door. ? 


Application service providers fj crit Grins iees 
are back for asecond act. 
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Black & Veatch chose an MSP over an ASP. “Hosting Web sites is literally a commodity on the market today,” says 


TheNewrmosts 


Managed service providers add customization 
to the old ASP model. By Stacy Collett 


Card 


OTT INDERMAUER 


www.computerworld.com 


N 2002, Black & Veatch Corp. 

signed on with an outside service 

provider to run and maintain its 

procurement software. But as 

business grew at the engineering 
consulting and construction firm, so 
did the demands of its partners and 
clients. They wanted access to docu- 
ments that could help them with the 
procurement process without having 
to pass through B&V’s firewall. They 
also wanted to collaborate with one an- 
other on projects via the Internet — a 
big request that’s not usually handled 
by a traditional application service pro- 
vider. But it’s one of the many types of 
added services offered by the next gen- 
eration of service provider — the MSP, 
or managed service provider. 

MSPs have emerged over the past 
five years as an alternative to tradition- 
al application service providers. 

Because the roles of ASPs and MSPs 
overlap, analysts differ in how they dis- 
tinguish between the two categories, but 
most agree that with an MSP, the com- 
modity-based model of the ASP has been 
replaced by an organic partnership. 


The Icing 

Traditional ASPs host standard ap- 
plications with little customization 

on their servers for a monthly fee per 
user. Some might offer limited extra 
services. An MSP will offer custom- 
ized applications and throw in busi- 
ness processes, as well as engineering, 
security, maintenance, and monitoring 
and reporting of network servers. In a 
fully outsourced network management 
arrangement, an MSP can manage ad- 
vanced features like IP telephony, mes- 
saging, call centers and virtual private 
networks. 

“Hosting Web sites is literally a com- 
modity on the market today,” says Mi- 
chael Lamb, director of e-business and 
Internet service at Overland Park, Kan.- 
based Black & Veatch. “It’s very difficult 
to find a company that understands our 
business, what our true business re- 
quirements are and really tries to help 
us fix things with our clients.” 

LoadSpring Solutions Inc. in Law- 
rence, Mass., was able to grant B&V’s 
partners and vendors access to des- 
ignated procurement documents, as 
well as host a separate Internet-based 
collaborative environment for project 
management where participants can 
securely share information, schedules 
and designs. “We can collaborate with 
those clients without opening the se- 
curity door. That’s really where they’re 
providing the most valuable service for 
us,” Lamb adds. 

Continued on page 64 





DON'T LET 
SPYWARE 
SABOTAGE YOUR 
ENTERPRISE. 


The next threat is no threat with Trend Micro. 


Expose and eradicate spyware with Trend Micro's Enterprise-class, multi-level, 
anti-spyware solutions. They're the only solutions that block and clean at the gateway— 
the most effective point of control. Trend Micro. #1 global leader at the gateway and 
industry pioneer. Whether it's a virus, worm, spyware, or spam, we've got you covered. 


For a FREE evaluation and IDC whitepaper, 


go to www.trendmicro.com/spyware 
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What They Do 


Application service provider. A com- 
pany that provides software functionality 
over the Internet or private network for a 
fee, usually based on the number of soft- 
ware users. In theory, subscribing to an 
ASP allows a company to avoid purchas- 
ing, installing, supporting and upgrading 
expensive software applications, but the 
software has little customization. 


Managed service provider. An MSP 
provides delivery and management of 
network-based services, applications and 


Continued from page 62 

Business growth, demands for cus- 
tom systems, concerns about security, 
budget constraints and limited work- 
forces are among the many reasons 
why companies are becoming more 
interested in MSPs. 

American Airlines Inc., for instance, 
chose San Francisco-based Totality 
Corp. to host its Web site, contact cen- 
ter and voice self-service systems after 
realizing it would need to hire teams 
of elite engineers to manage complex 
new technologies that recognize voice 
commands or automatically forward 
flight information to wireless devices. 
What’s more, technical issues were 
becoming customer experience issues, 
and the slow advancement of online 
systems began affecting business rela- 
tionships with customers. 

“We needed the ability to manage 
not only our infrastructure, but also 
our customer-facing processes in an 
integrated fashion,” Scott Hyden, Amer- 
ican’s managing director of interactive 
marketing, wrote on Totality’s Web site. 

Like American Airlines, many com- 
panies “needed to step back and really 
do some engineering of how the whole 
site is put together and how the serv- 
ers are put together,” explains Henry 
Howard, project director at TPI Inc., a 
Dallas-based outsourcing consultancy. 
Concern about fail-over issues and 
hackers added to their dilemma. MSPs 
sprung up offering value-added ser- 
vices to address those concerns. 

So when does an application or proc- 
ess warrant the help of an MSP? 

“Some things lend themselves well 
to the ASP model,” says Adam Braun- 
stein, an analyst at Robert Frances 
Group Inc., an IT business advisory 
firm in Westport, Conn. If a midsize 
company’s customer relationship man- 





equipment for a fee. MSPs can be hosting 
companies or access providers that offer 
services such as fully outsourced network 
management arrangements. 

Most of these services can be per- 
formed from outside a company’s internal 
network with Internet security for applica- 
tions and content provided. 

Clients might pay a premium monthly, 
annual or per-minute fee for an MSP’s 
services, but the risk mitigation may be 
worth the price. 

- STACY COLLETT 


agement application requires a tweak 
to the business process flow, an ASP 
can work. 

“But if you had what you thought 
was super [business] process flow .. . 
more often than not that couldn’t be 
mapped” by an ASP, he adds. “While 
some sophisticated ASPs exist today, 
they won't offer the comprehensive 
services that an MSP provides, gener- 
ally to top-tier client sites.” 

“I see some incremental growth in 
certain types of MSP offerings,” says 
Art Schoeller, an analyst at Boston- 
based Yankee Group Research Inc. 
“Hosted voice self-service, CRM soft- 
ware, call center technology, hosted 
workforce management — each slice 
has its own dynamic in terms of how 
it’s evolving.” But even so, he says, 
“it’s more single-digit change of market 
share.” 

Companies are becoming interested 
in managed virtual private networks as 
their needs for nationwide access and 
protocol management grow, Schoeller 
says. Security as a managed service, 
such as virus protection on VPNs, 
is also attractive “because it’s a hot 
topic” and qualified staffers are hard 
to find, he adds. Hosted contact center 
and voice self-service systems are also 
gaining strength as companies find that 
these technologies require specialized 
staff. 


Pay More, Get More 

Yes, companies are going to pay a pre- 
mium for MSP services, but the risk 
mitigation might be worth it. 

Black & Veatch won’t divulge the 
monthly and annual fees paid to its 
MSP, but Lamb says the price beats the 
alternative. “Looking at what it would 
take to train your people and buy the 
internal system, that’s the amount of 





cost we were trying to avoid. They can 
provide it more readily and cheaply 
than we could do ourselves,” he says. 

When it comes to hosting complex 
customer Web sites, MSPs provide 
insurance and confidence in the infra- 
structure. 

“The major airlines and electronics 
retailers with a major presence on the 
Web will tell you — if that Web site 
takes a hit, particularly during a holi- 
day season, you're losing huge amounts 
of money. They just can’t do that,” says 
TPI’s Howard. What’s more, “these are 
cream-of-the-crop engineers,” he adds. 
“You're going to pay a premium.” 

The scalability alone that an MSP 
can provide is worth the price, says 
David O’Connell, a senior analyst at 
Nucleus Research Inc. in Wellesley, 
Mass. Insurance companies, for in- 
stance, have hundreds of claims ad- 
justers in the Gulf Coast area taking 
care of clients affected by hurricanes 
Katrina and Rita. Those companies’ 
systems need the scalability to handle 
the rush of activity. 

“You don’t want to be the company 
that’s getting written up in The Wall 
Street Journal because your claims ad- 
justers are walking around Louisiana 
with handhelds that aren’t working. 
They should be transmitting to the 
home office,” O’Connell says. Worse 
than that, companies have to be con- 
cerned about their reputations on the 
ground, which can be ruined if “your 


this decade when large companies be- 
gan to realize that it takes more than 
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agents weren't able to cut checks off 
these handheld systems that were sup- 
ported by the back office.” 

How can they afford it? Some of 
these MSPs have cut sweet deals with 
clients to get their logos on major re- 
tailers’ Web sites, Howard says. For 
others, it’s simply a matter of deciding 
where the expense will be posted on 
the corporate balance sheet. 

“T advise folks to look at managed 
services vs. equipment,” says Yankee 
Group’s Schoeller. “How much of the 
asset do you want on your books? How 
much of the staff do you want on your 
books? It’s still on your books, but it’s 
just another line item on your P&L.” » 





Collett is a Computerworld contributing 
writer. Contact her at Stcollett@ 


! aol.com. 
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Introducing Cisco plus. 


Cisco Systems, Inc. is not affiliated or associated with nor 
does it endorse the products or services of 3Com Corporation 
Whoa! Big surprise. So yes, we do compete with Cisco. But we 


also co-exist with them as an overlay to your current network 


3com.com/AdvanceTheNetwork 





TECHNOLOGY THAT GETS YOU 
“EVERYTHING’S 
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IBM eServer xSeries 226 Express 


An entry-level 2-way server that 
offers the reliability and 
performance needed for day-to- 
day computing. Easy to set up 
and deploy, with access to all 
major system components. 


System features 


Up to two Inte 


Processors 3G 


$1,639** 
(Other configurations as low as $1,229) 


RM inanecin c " ne 
D rinancing Advantage 


nly $46 


IBM eServer xSeries 346 Express 


Help maximize performance and 
improve availability in a rack 
dense environment with 
Xtended Design Architecture" 
Includes Calibrated Vectored 
Cooling, an IBM innovation that 
helps increase uptime. 


System features 

Up to two Intel® Xeon™ 
Processors 3GHz/2MB 

Two-way 2U rack server 


Up to 16GB DDR2 memory 
using 8 DIMM slots with 
enhanced memory 


Limited warranty 
3 years on-site 
$3,315** 
(Other configurations as low as $2,219) 


INKA Cir 
BMV Financi 


$93 


IBM TotalStorage DS300 Express 


IBM eServer xSeries 260 Express 


IBM's newest third-generation 
Enterprise X-Architecture 
server. Designed for companies 
looking for database, e-mail, 
Web/e-commerce or consolidated 
application serving 


System features 


Up to four 64-bit Intel® Xeon™ 
Processors MP, up to 3.66GHz 


Four-way tower or 7U rack 
capability 


Up to 3.6TB hot-swappable 
SAS (serial attach SCSI) 
hard disk storage 


Up to 64GB of memory with 
advanced memory protection 


Limited warranty: 3 years on-site 


$5,399** 


(Other configurations as low as $4,599) 


$151 


System features 


This entry-level, cost-effective iSCSI host- 

attached storage system utilizes your existing 

network infrastructure to deliver advanced i J 14 
functionality. Provides an exceptional SAN {Itra320 SCSI d 
storage solution with xSeries servers for 


e-mail/file/print. 


$6,455°* 


(Other configurations as low as $2,995) 


IBM eServer BladeCenter HS20 Express 


Offers extreme flexibility and 
scalability, plus it helps to 
consolidate and simplify your 
infrastructure. Helps reduce 
power consumption and save 
valuable floor space. 


System features 
Up to two Intel” Xeon™ 
Processors 3.20GHz/2MB 
Up to 14 blades per chassis 
Supports both 32- 
and 64-bit applications 
IBM Director 
Limited warranty 
3 years C 


$2,899" 


(Other configurations as low as $1,669) 
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USED TO SAYING: 
UNDER CONTROL’ 


IBM Express Servers and Storage™ for mid-sized business. 


Know an 1.T. person who doesn't like to hear that “everything’s under control”? 
We don’t. That’s why we offer an innovative management tool called IBM 
Director that can alert your |.T. people to potential problems up to 48 hours in 
advance! 


And our Calibrated Vectored Cooling on select xSeries® servers helps cool your 
systems more efficiently. Packing more servers into a single rack. Helping to 
Save space, energy, money. 
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Ready 


FOr Fosting: 


MSPs fill in IT gaps but are no one- 
size-fits-all solution. By Mary Brandel 


OU MIGHT say that Premier 

Inc. in Charlotte, N.C., is 

through with outsourcing. 

Three years ago, it let its con- 

tract with its provider of five 
years run out and insourced nearly all 
aspects of IT. But there’s one function 
the health care consultancy couldn’t 
justify bringing back in-house: the help 
desk, says Greg Archer, vice president 
of corporate IT services. 

Unlike other areas of IT, the help 
desk wasn’t supporting a rapidly 
changing business model. Considering 
the time and cost involved in develop- 
ing the help desk infrastructure itself, 
plus training and managing personnel, 
outsourcing looked favorable, he says. 

But Archer didn’t turn to a tradi- 
tional outsourcer; he hired Everdream 
Corp., a Fremont, Calif.-based managed 
service provider (MSP) that provides 
Web-hosted desktop management ser- 
vices. Now, when Premier users call 
the help desk, each call is answered 
by an Everdream technician who 
— thanks to agent technology deployed 
on the users’ PCs — can troubleshoot 
and fix the issue remotely. If the prob- 
lem is too complex, it can be escalated 
to Premier’s on-site staff. The agent 
technology also alerts Everdream to 
which PCs need the latest patches so 
the MSP can automatically update 
them over the Internet. 

“The demands our business is put- 
ting on us are causing us to change 
rapidly, with the exception of the help 
desk, which is more standardized and 
isn’t going to change significantly,” 
Archer says. “And at the same time, we 
knew we could improve our service 
levels” via an MSP. 

As more businesses like Premier 
turn to MSPs, they are taking a hard 
look at their IT operations before slic- 
ing off a piece that’s MSP-friendly. The 
final decision depends on how compa- 
nies view their IT operations — what’s 
core, what’s rote, what they don't 
have the resources for and what they 
wouldn’t trust anyone but themselves 
to do. And those determinations must 
be weighed against the many benefits 
an MSP can offer, such as reduced costs 
and automated operations, as well as 
possible pitfalls of this model, such as 
security issues or the inflexibility of a 
one-size-fits-all application. 

In Premier’s case, going with an MSP 
— combined with insourcing its other 
IT operations — has resulted in in- 
creased uptime on all of the company’s 
core systems, improved customer sat- 
isfaction and at least $2 million in sav- 
ings, Archer says. 

But for another company, handing 
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over desktop management to an 

MSP might be a big mistake, says Jeff 
Kaplan, managing director of Think- 
strategies Inc. in Wellesley, Mass. 
“Some organizations have a culture 
that permits a certain amount of cus- 
tomization in the desktop arena, which 
may not be acceptable from an MSP 
perspective, since they might need to 
standardize the platforms to effectively 
manage them,” he says. 

Not to mention the fact that if you’ve 
enlisted the MSP to manage a full 
range of desktop management services 
and a service fails in some way, it could 
be very disruptive to other parts of 
your environment if the MSP doesn’t 
take corrective measures quickly, 
Kaplan says. 

For that reason, it’s becoming clear 
that the most important aspect of an 
MSP relationship is trust — possibly 
even more so than service-level agree- 
ments or a detailed contract. “You've 
got to have a good partnership,” Archer 
says. “When you have to depend on a 
contract, you’re in trouble.” 


To Each His Own 


The trust factor rings true for In- 
terim HealthCare Inc., a health care 
staffing provider in Sunrise, Fla. The 
company’s major reason for using an 
MSP was because it lacked a database 
administrator for its Lawson Software 
ERP system, which runs on an Oracle 
database. That was the situation in 
2001, when Satish Movva, now CIO, 
joined Interim. 

When Movva looked into hiring a 
database administrator, he found most 
candidates’ salary requirements to be 
staggering. Plus, Movva realized, he 
didn’t even need a full-time adminis- 
trator. He considered hiring a consult- 
ing company that he could use on an 
on-call basis, but he knew he wouldn’t 
always be working with the same 


| 
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database administrator on each trouble 
call, and it still put him in reactive 
mode rather than having someone 
consistently monitoring the database. 
“The reliability just wasn’t there,” 
Movva says. “I wanted a dedicated 
DBA company.” 

Movva hired dbaDirect Inc., a data 
infrastructure management services 
company in Florence, Ky. Tunnel- 
ing through Interim’s virtual private 
network, dbaDirect now monitors the 
Oracle database around the clock using 
BMC Software Inc.’s Patrol and other 
tools. Since signing on with dbaDirect, 
Interim has upgraded the Lawson ap- 
plication three times, with dbaDirect 
handling the database side. 

Most important to Movva is that the 
MSP knows his system intimately, even 
though there have been some person- 
nel changes. “That’s a huge deal for 
us,” he says. “When your system needs 
help, you don’t want to explain to the 
guy on the other end how you're set 
up. You want the consistent face on the 
other end who knows the network as 
intimately as your staff, even though 
he’s not full time.” 

Kaplan agrees that MSPs should 
offer more than just a remote service; 
they need a professional services staff 
that’s able to get a firm handle on cli- 
ents’ operations. “It’s been an impedi- 
ment for MSPs that didn’t build their 
business models to include this front- 
end person,” he says. 

But as happy as Movva is with dba- 
Direct and despite the fact that he also 
uses an offshore MSP for some applica- 
tion maintenance, there are some areas 
for which he would never use this 
model. 

One of them is the firewall. Interim 
previously used MCI Inc. as a firewall 
services provider, but Movva terminat- 
ed that relationship when he joined the 
firm. And while many companies use 
an MSP for network operations, “be- 
cause we’re a health care company, our 
patient information here is sacrosanct,” 
Movva says. “I don’t want to open that 
up to a third party.” 

Indeed, with federal regulations 
such as the Sarbanes-Oxley Act and 
the Health Insurance Portability and 
Accountability Act, companies need 
to be mindful of balancing compliance 
concerns with MSP activities. 

“With a third party tunneling in 
through the firewall port and penetrat- 
ing the trusted network, it probably 
drives the compliance guys crazy,” says 
Ted Chamberlain, an analyst at Gart- 
ner Inc. “How can you be fully certified 
if you’ve got other parties manipulat- 
ing your data?” 





Similar to Interim, LaBarge Inc., an 


| electronics manufacturing services 


provider in St. Louis, couldn't justify 
hiring a full-time staff member to 
monitor its data center for equipment 
failures, power outages or temperature 
fluctuations. Still, it wanted to know of 
problems right away, especially if they 
happened outside of business hours. 
LaBarge hired Certified Nets Inc., 
an MSP in Chesterfield, Mo., that uses 
SilverBack Technologies Inc.’s Silver- 


| Streak Management Tunnel, which 


performs remote monitoring of IP 


| devices over the Internet. 


Tweaking the system to LaBarge’s 
needs took a few months, says George 
Hayward, director of information sys- 
tems, during which time the MSP set 
up who needed to be alerted to what. 
During a two-day power outage caused 
by storms, the MSP alerted LaBarge’s 
IT staff that the air conditioning in the 


| data center hadn’t been powered up by 
| the generator, enabling the company to 
| address the issue before systems failed. 


Hayward is considering using an 
MSP for his storage systems as well. 
“It used to be a question of whether 
we could get our data off-site fast and 
cheap enough, but with bandwidth be- 
ing as cheap and plentiful as it is now, 
that’s not a gating issue,” Hayward 
says. He will likely go with a hybrid 
model, but privacy is a major consider- 
ation. 


Kanner 
Year 


The growing desire of enterprises 
to focus efforts on their core busi- 
nesses has led them to rely more 
heavily on MSPs to satisfy their IT 
and telecommunications require- 
ments. As a result, 53 MSPs that 
participated in a joint MSPAlliance/ 
Thinkstrategies benchmark study 
reported the following performance 
improvements, on average 

@ Sales revenue has grown 80% 
in the past year. 

@ Sales cycle time has dropped 
from six months in 2003 to four 
months currently. 

® Contract length has grown to ap- 
proximately 20 months, compared 
with 16 months in 2003. 

@ The percentage of existing cli- 
ents that buy additional managed 
services grew to 67.8%, up from 
64.7% in 2003. 
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“T’m not sure all our customers 
would be comfortable with that,” he 
says. 

But Hayward’s main concern is 
staying on the radar of the MSP itself. 


| “When you bring someone on full time, 


your company is all they’re thinking 
about. But if we had a natural disaster 
in town, [the MSP] has other customers 


| to deal with,” he notes. It’s important to 


weigh how many customers the MSP 
has and where you fall on that list, 
Hayward adds. 


| Avoiding the Cookie Cutter 


Equally important is finding an MSP 


| that’s willing to customize its service 


to your needs, particularly as your 
needs change. That means avoiding 
those whose business models rely on 
offering a cookie-cutter solution. “If 
you start doing something slightly dif- 
ferent from what they’re offering up, 
their one-size-fits-all approach might 
not fit you,” Archer says. 

For instance, Archer knows he’d 
like to develop a problem-tracking and 
change m 
for Premier’s internal use and then in- 
tegrate that with Everdream’s problem- 
tracking system. 

The type of integration Archer is 
seeking is still rare, according to Gart- 
ner’s Chamberlain, but it may become 


anagement workflow system 


| less so. “Right now, the majority of 


MSP-like services are basic monitor- 
ing/management services,” he says. 
“But [increased integration] is a natu- 
ral progression, and there will need to 
be standardization around things like 
Web services to make it easier to trade 
application components.” 

Whatever the case, Archer is confi- 
dent that he has chosen a partner that 
will be open to making the system 
work. “I believe there can be many 
pitfalls if you have a company that’s 
not willing to work with you when you 
have significant changes to your busi- 
ness,” he says. ? 

Brandel is a Computerworld con- 
tributing writer. Contact her at 
marybrandel@verizon.net. 
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It takes a skilled lawyer to skirt danger 
zones ina managed service provider 
agreement. By Jennifer Jones 


T’S TIME to bring on a managed 
service provider. First, hire all 
the lawyers — or at least consider 
having some legal representa- 
tion. Ideally, enterprises large and 
small will have access to an IT attor- 
ney who specializes in security, priva- 
cy and the myriad new data disclosure 
laws that regulate many sectors. 
Minus legal representation, compa- 
nies could be open to serious liability. 
For instance, if an MSP is hacked or 
personal data is stolen or compromised 
by MSP employees, the customer will 
be held entirely responsible. Hence, 
agreements should spell out security 
measures and background checks. 
“There should at least be an agree- 
ment in place that ensures MSPs 
disclose breaches,” suggests Michael 
Rasmussen, an analyst in Forrester 
Research Inc.'s enterprise risk/compli- 
ance management group. 
Be warned, however, that lawyers 
who know the ins and outs of these 





areas are hard to find. Given this scar- 
city of seasoned IT attorneys, some 
businesses have the option of spending 
long hours educating corporate law- 
yers on the nuances of hiring an MSP 
or simply forgoing legal representation 
altogether. 

Most experts agree that some attor- 
ney involvement is better than none at 
ail and urge enterprises to invest up- 
front to guard against legal and secu- 
rity land mines — a rigorous exercise, 
but one with many potential payoffs. 
For instance, MSP negotiations offer a 
chance to re-examine languishing pri- 
vacy policies or to comb through and 
tighten security measures. 

For these reasons, MSP agreements 
brokered by larger corporations almost 
always filter through legal depart- 
ments. Says Mike Kline, manager of 
network operations at KB Toys Inc. in 
Pittsfield, Mass., “Absolutely every con- 
tract KB Toys signs goes through our 
in-house counsel for approval. What 
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| they typically do is add our own terms 


that govern areas such as exclusivity, 
liability and privacy.” The retailer of 
children’s products relies on MSP 
Atrion Networking Corp. in Warwick, 
R.L., for managed network services. 

At Wine Warehouse in Commerce, 
Calif., lawyers are included early on. 
“Once it is determined that the MSP is 
a viable candidate and that the services 
merit the investment required, then a 
series of ‘what if’ scenarios should be 
run through,” advises Kim Bugayong, 
vice president of IT. Wine Warehouse 
outsources services such as patch man- 
agement and server and backup moni- 
toring to provider Alvaka Networks 
Inc. in Huntington Beach, Calif. 

Vigilance is prudent, not because 
MSPs are neglectful but because prob- 
lems are common, experts say. “When 
outsourcing, it is surprisingly easy to 
do things like run afoul of a privacy 
policy,” says Dennis Kennedy, an IT 
attorney in St. Louis. 

Small to midsize businesses are the 
most vulnerable. “These companies are 
often run by CEOs who don’t always 
know they need a lawyer to review 
MSP contracts before they sign them,” 
Kennedy adds. 

That oversight can easily prove to be 
a huge mistake, notes Thomas Barnett, 
special counsel at New York-based law 
firm Sullivan & Cromwell LLP. “Ifa 
company is subject to federal and/or 
state regulations concerning disclosure 
of client information — such as those 
in the medical and banking industries 
— then any inadvertent disclosures 
of such information by the MSP could 
create significant liability for the com- 
pany,” he says. 


Know Thy Ally 

Along with soliciting good legal ad- 
vice, enterprise IT officials poised to 
hire MSPs would be wise to examine 
thoroughly both the service provider 
they’re courting and the MSP agree- 
ment they’re considering. “I’m looking 
for the track record of the vendor,” says 
Kline. 

After establishing a level of trust, 
spell out the limitations of the arrange- 
ment that will be put in place, advises 
Barnett. “It is typical to have an MSP 
execute very detailed confidentiality 
provisions that clearly define the own- 
ership and handling of the data, as well 
as its disposition,” he says. 

Data handling is especially criti- 
cal, notes Ian Campbell, president of 
Nucleus Research Inc. in Wellesley, 
Mass. “You may want to think about 
dedicated cabinets,” he advises. “This 
way, your applications are physically 
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| separated and locked down, so you 


don’t have to worry about who is wan- 
dering through your server farm.” 

Also consider the insertion of in- 
demnification clauses that force the 
MSP to shoulder the burden of compli- 
ance, suggests Robert Scott, an attor- 
ney at Dallas-based law firm Scott & 
Scott LLP. 

“Avoid agreeing to limitations of li- 
ability, to ensure that the MSP has a fi- 
nancial stake in the client’s compliance 
obligations,” he says. 

Just remember that ultimate respon- 
sibility will not rest with the MSP. 
“You can outsource development, busi- 
ness practices and other services, but 
you cannot outsource your liability,” 
Forrester’s Rasmussen wrote in a re- 
cent report. 


Fringe Benefits 

While a corporation can’t offload li- 
ability, it can use MSP negotiations to 
shore up internal practices. “My expe- 
rience with MSPs is that a lot of them 
are playing catch-up along with their 
clients,” says Charles Weaver, 
co-founder of the MSPAlliance 

in Chico, Calif. 

For instance, the due diligence 
behind KB Toys’ deal with Atrion 
enhanced its compliance with the 
stringent security guidelines from Visa 
U.S.A. Inc. The credit card behemoth 
imposes guidelines on merchants 
through its Cardholder Information Se- 
curity Program. “This has really forced 
us to completely double-check our se- 
curity and access,” says Kline. 

Dusting off established privacy poli- 
cies during MSP negotiations is also 
a good idea, especially if the service 
provider will be handling client data. 
“Usually, an MSP arrangement essen- 
tially moves this data to an external 
site but does not transfer ownership. 
The privacy policy needs to explain 
this,” cautions Wine Warehouse’s 
Bugayong. 

Don’t stop with new MSP deals. Ex- 
perts also advise enterprises to peruse 
existing contracts with an eye toward 
liability. 

“You can’t just roll over and pull the 
sheets over your head,” insists John 
Stehman, director of research at Rob- 
ert Francis Group Inc. in Westport, 
Conn. “You’ve got to renegotiate.” » 





Jones is a freelance writer in Vienna, Va. 
Contact her at Jjwriterva@aol.com. 


ADVICE ONLINE 


Lawyers offer free advice for negotiating and 
maintaining agreements with MSPs: 
computerworld.com/outsourcing 
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And other tips tor negotiating 
a contract. By Julia King 


ANAGED SERVICE providers 
sell IT-enabled services, 
which large businesses 
are increasingly buying 
piecemeal rather than 
charging their own IT organizations to 
acquire, install and run departmental 
applications in-house. In many cases, 
individual lines of business or func- 
tions such as marketing or human 
resources departments are contracting 
and paying for the services, bypassing 
internal IT organizations in the pro- 
cess. 
But experts say the most successful 
arrangements with MSPs are those 


designed and negotiated when business | 
| plumbing,” as long as they are regularly 
| getting the reports, sales leads or other 


and IT managers work together. “This 
is because most services are not pro- 
vided in a vacuum. Data from an MSP 
still must be fed to the customer and 
vice versa. IT is still involved,” says 
Mike Slavin, a partner at TPI Inc., an 
IT sourcing consultancy in The Wood- 
lands, Texas. 

Here are five questions you should 
ask to help your business users effec- 
tively negotiate the best MSP contracts 
— and keep IT in the loop. 





Who owns the license? 

The MSP almost always owns 

the license to software used to 

provide a service. In fact, the 

MSP typically owns virtually all 
hardware, software, support and main- 
tenance involved in delivering services 
such as sales contact management or 
benefits administration, according to 
Slavin. 

“An MSP’s value proposition is an 
end business result,” as opposed to 
delivering services using specific tools, 
he says. And that’s just as well, he adds, 
since buyers of MSP services — typi- 
cally business managers rather than IT 
managers — don’t care about the “IT 


services for which they’ve contracted. 


Who owns 

the process? 

The customer owns the pro- 

cess, and the MSP executes 

it. For example, Whirlpool 
Corp. recently signed a 10-year con- 
tract with Cincinnati-based Convergys 
Corp. to provide Web-based human 





resources services to the appliance 
manufacturer’s 68,000 employees 
worldwide. Whirlpool’s compensation 
requirements vary by country, and 
the company is able to modify its pro- 
cesses on a country-by-country basis, 
says Abby Luersman, vice president 
for HR solutions at Benton Harbor, 
Mich.-based Whirlpool. At the same 
time, Convergys is using SAP software 
worldwide to deliver the Web-based 
services, so Whirlpool gets the benefit 
of global data consistency. 

“Our HR generalists can leverage 
data globally around issues like diver- 
sity reporting and talent pool manage- 
ment,” Luersman says. “We have one 
global [software] platform, with consis- 
tency and standardization.” 


How will users 

be affected? 

The biggest change with an 

MSP arrangement is that us- 

ers can now bypass internal 
IT organizations. At the same time, 
users should expect to interact with the 
MSP in a more structured, disciplined 
way than they interact with internal 
IT, experts say. MSPs are very process- 
oriented, and there is a clearly defined 
set of steps users will need to take to ob- 
tain support or make a change. These 
are established at the beginning of the 
customer/MSP relationship via service- 
level agreements or contracts. 

“There’s a scripted nature to inter- 
acting with an MSP versus running 
down the hall and grabbing some IT 
guy and saying, ‘Fix this now,’” says 
Slavin. 

Another key difference is that many 
MSP-provided services are typically 
purchased by individual lines of busi- 
ness rather than a centralized procure- 
ment or IT organization, notes Damien 
Bean, co-founder of CareerCurrency 
LLC, an MSP that offers online training 
services. 

“The structure and pricing [of MSPs] 
allow end-user departments to now 
engage services directly and pay from 
their own operating budgets. Hence, 
the ability to bypass IT,” he says. 


Where do the 

savings come from? 

Typically, there are little 

or no cost savings in the 

conventional sense. What 
MSPs offer is “cost predictability,” says 
Robert McNeill, an analyst at Forrester 
Research Inc. in Cambridge, Mass. 
“There’s also cost flexibility in that 
you can switch services on and off,” 
McNeill says. 

Pulte Homes Inc., a $12 billion home- 
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builder in Bloomfield Hills, Mich., has 
a contract with Siebel Systems Inc., 
which was recently acquired by Oracle 
Corp., for Siebel’s CRM OnDemand 
services. “But we didn’t go after it for 
the cost savings,” says Jerry Batt, CIO 
at Pulte. 

Batt compares the economics of con- 
tracting with an MSP to those of leas- 
ing a new automobile instead of buying 
it. “The cash outlay overall is more if 
you lease, but you have upfront costs 
if you buy,” he says. In contracting for 
a service, Pulte obtained the latest and 
most sophisticated technology right 
away at a much lower upfront cost than 
it would have incurred had it bought 
and built its own CRM system, Batt 
notes. 

TPI’s Slavin says customers 
shouldn’t consider MSP services in 
terms of potential cost savings anyway. 
“There’s not a straight-up IT cost sav- 
ings, because the MSP is usually pro- 
viding some service that the current in- 
ternal IT infrastructure couldn’t have 
done,” he says. It’s more about results, 
such as gaining access to a new cus- 
tomer set, expanding your business or 
reducing your time to market, he says. 


What's the exit 
strategy? 
Whirlpool’s Luersman rec- 
ommends that users take 
particular care in work- 
ing out this part of an MSP contract. 
She also recommends building very 
specific timelines and details into 
the contract upfront. For example, if 
Whirlpool has a fluctuation in its em- 
ployee head count or needs to change a 
business process as a result of an acqui- 
sition, Convergys has a 60-day window 
to work through and change all of the 
services it provides. 

Bill Martorelli, another analyst at 
Forrester, says users should also be 
sure to include change-of-ownership 
provisions in all contracts with MSPs. 
Over the past few years, Martorelli 
notes, there has been an ongoing con- 
solidation in the MSP market. “If a new 
owner takes the acquired MSP ina 
different direction, the user wants to be 
able to get out of the contract,” he says. 

Even more important to consider is 
a replacement strategy, says Career- 
Currency’s Bean. “Exit strategies are 
an important consideration, but it may 
be time to also reconsider IT’s inher- 
ent reluctance to outsourcing,” he says. 
“The proper question relating to an 
exit strategy is not how do we get out 
of something but how do I replicate the 
underlying process somewhere else. 
It’s about protecting the investment.” > 





Juniper eta 


they 


>> Remote users calling it quits? You need Secure and Assured application acceleration, 
only from Juniper Networks. It means superior application delivery and performance for 
all users — employees, customers and partners. Plus increased control, and improved 
productivity. For more info, visit www.juniper.net/appaccel 


888-JUNIPER (888-586-4737) 





COMPUTERWORLD November 14, 2005 


Use of ASPs 


Almost one-third of U.S. companies 
currently use application service pro- 
viders, and a further 22% suggested 

that they will in the next two years. 


Currently 


No plans 
— use 


12 to 24 
. months 
Next 12months "9 L_fromnow 


BASE: 104 U.S. companies (small, midsize and large) 
SOURCE: GARTNER INC., STAMFORD, CONN 


AUGUST 2005 


Software as a service will have a 
significant impact on the way my 
company purchases software 
within the next year. 


Neither 
disagree 
nor 
agree 


“Disagree 


BASE: 176 IT executives 


SOURCE: IDC, FRAMINGHAM, MASS., APRIL 2005 


Which statement best describes 
your company’s interest in 
outsourcing applications? 

Currently 


No current engaged in an 
interest outsourcin 
————_—"—®) g 


project 
32% 28% 


eo——_ -- 
Currently 


—* 
Currently have investigating 


a pilot project 


BASE: 115 IT decision-makers at North American ser- 
vices firms. Percentages don’t total 100 due to rounding. 


SOURCE: FORRESTER RESEARCH INC 
CAMBRIDGE, MASS., SEPTEMBER 2005 
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MARK HALL 


The New MSPs 


F YOU’RE WORKING at a midsize company, you probably depend 

on a valued-added reseller, or VAR. If you happen to be at a small 
business, your VAR might just be your entire IT department. So, in 
some cases, your reseller is a trusted business partner; in others, it’s 


your business lifeline. 


But despite your long-standing relationship with your VAR, its business 
model is wobbling on the edge of a cliff. The margins on the hardware 
and software that VARs install for you have collapsed to almost zero. 


So, no matter how dependent you 
are on your VAR, now is the right time 
to evaluate its business model. Is it the 
old-fashioned VAR — delivering and 
configuring systems, handling backups, 
troubleshooting your network on-site? 

Well, if the market dynamics continue 
the way they’re going, you might not be 
working together much longer. At least, 
not unless your VAR has plans to morph 
into a managed service provider, or MSP. 

Gartner’s research indicates that as 
many as 40% of the nation’s VARs could 
go belly up if they don’t change their old 
business models of charging you a small 
premium to install your PCs, servers 
and routers and billing you by the hour to do prob- 
lem resolution. What your VAR needs to do, Gartner 
suggests, is become an MSP and charge you a small 
monthly fee to manage your IT infrastructure among 
other services. 

Luckily for VARs, you are becoming more interest- 
ed in subscribing to MSP-style offerings. And not just 
those of you who work at large, corporate IT shops 
and are accustomed to outsourcing anything and ev- 
erything. Forrester Research polled 869 IT decision- 
makers in small and midsize businesses (SMB) and 
learned that 12% are ready to outsource the manage- 
ment of their entire infrastructures. Doesn’t sound 
like much, but it’s up from a mere 8% in 2004. At the 
same time, 26% of SMBs are willing to offload at least 
the PC part of their infrastructures to an MSP, versus 
only 18% last year. 

If you’re working at a big company, you might 
think SMBs are small potatoes. But you’d be wrong. 
Forrester estimates that they will shell out nearly 
50% of the $785 billion IT dollars spent in the U.S. 
this year. And while large corporations and govern- 
ment are spending 6% more year over year, SMBs are 
growing at 8% annually. 

However, SMBs shouldn’t blithely assume that 
their friendly VARs will be able to smoothly make 
the trip to MSP land. At the very least, to do the job 
right, your MSP will need a network operations cen- 
ter of some sort. Pay it a visit, if you haven’t already. 





Does it have the remote monitoring ca- 
pability, the tools and the right people to 
handle not just your needs, but every one 
of the VAR-cum-MSP’s other customers 
as well? Remember, this is a shared ser- 
vice. That’s the new business model for 
your longtime business partner. Yes, the 
VAR part of the business will still show 
up and install your PCs, servers and 
whatnot, but it’ll make its real money 
by remotely managing them. 
Still, some of you have been burned by 
MSPs in the not-so-distant past. When 
MSPs first emerged in the late 1990s, 
then known primarily as application 
service providers, they initially went 
after SMBs — then promptly fell on their faces. The 
remote management tools weren’t as effective as 
promised, and the costs to manage devices were 
higher than most SMBs could afford. This time, 
MSPs have learned their lessons and intend to win 


| over SMBs along with larger companies. 


“Managed service providers are making a come- 
back, just like Martha Stewart,” says Christine Wash- 


| burn, vice president of marketing at Billerica, Mass.- 


based SilverBack Technologies, which sells remote 
monitoring tools specifically for MSPs. 

She recalls that in the late 1990s, MSPs would 
charge up to $2,000 per month to manage a single 
server. In the days when Unix systems administra- 
tors in Manhattan could bring down nice six-figure 
salaries, this might have made some sense. But in the 
post-IT-bubble economy, and with offshore tech tal- 


| ent pressuring salaries downward, that old model is 


stupid. However, Washburn says, improved monitor- 
ing tools let the new MSPs manage more endpoints 
and more customers with fewer technicians. So much 
so, she says, that the average price MSPs charge to 
manage servers is down to $110 per month. 

The new MSPs stand a real chance this time 
around, in part because their ideal target market 
— SMBs — is ready to embrace them. And, in part, 
because the business model for MSPs now makes 
sense. 

But your friendly VAR? It’s toast. » 
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Computer Support 
Specialist wanted by 
wastepaper whole- 
saler in Los Alamitos, 
CA. Bach. in Comp. 
Sci. related. Mail re- 
sume to Sunshine 
Paper LLC. 4281 
Katella Avenue, Suite 
222, Los Alamitos, 
CA 90720. 


Network Specialist in Hous- 
ton metro area. Design, 
configure, & test computer 
hardware, networking soft- 
ware, & operating system 
software for shipping indus- 
try. Maintain, trouble shoot 
& administer computer net- 
works. Requirements: Ba- 
chelor degree in Engineer- 
ing or Computer Science 
PLUS 2 yrs. exp. in job 
Fax resumes to JDL Enter- 
prises, Inc. Fax: (713) 521- 
7832 


Technical Services Manager's 
! Senior Software Architect's: 
Perform full life cycle develop- 
ment, testing, implementation 
using Oracle, SQLServer, C++ 
XML, UML, Java, J2EE, CGI 
PERL, Weblogic and Web- 
sphere. Handle critical opera- 
tions, Strategic computing & 
disaster recovery on UNIX/ 
Solaris/Window based systems. 
Req: MS in Comp. Sci/Engg. & 
6 months of exp. Send resume 
to HR, Object Technology Solu- 
tions, Inc., 8645 College Bivd. 
Ste 250, Overland Park, KS 
66210 


Shop-Floor Software engineer 
wanted by VIA _ Information 
(Metro, Ml). To advance scope 
and breadth of VIA's core prod- 
uct, Man-IT Business Atom 
Enginea, ascertain new cus- 
tomer requirements and formu- 
late process maps. Require MS. 
BS+5yr IT exp. Please send 
resumes to manit resumes@ 
via-it.com 


Detroit Housing Commission 
(DHC) seeks system analyst to 
customize application for house 
project, integrate DHC Intranet 
with active directory using 
ASP.Net, VB, Foxpro. Must have 
MS or BS+5yr exp. Send 
resumes to 2211 Orleans St 
Detroit, MI! 48207. EOE. No 
calls. 


Computer Professionals (Iselin) 
NJ based IT firm, Jr. Lvl posi's 
Progmr Analysts Software 
Engrs, Sys Analysts, to dviop. 
create, & modify general comp 
applic s/ware or specialized util 
ity programs. Analyze user 
needs and dviop s/ware solu 
tions. 


Sr. Lvl Posi'n, IT Mngrs, MIS 
Mngrs, ITS Directors to plan 
direct, or coordinate activities in 
such fields as electronic data 
processing, infor sys, sys analy- 
sis, & comp progmng 


Apply w/2 copies of rest 
HRD Software 
Group, Inc., 485 £, Rt 1 
240, Iselin, NJ 08836 


Software 


VP Technology 


ORSYP Software, Inc 
(Bedford, MA) seeks VP. 
Reqs: MS Degree in 
Comp Sci. 3 yrs exp. Must 
write/speak French. Excint 
knowledge Op Systems 
(mainframe & distributed) 


Please forward resume to 
T. Manissol (reference 
VPTech in subject line) at 
tma@orsyp.com 


Network/Application Developer 


We seek a candidate who can 
work through a network of mul 
tiple convince stores. Must have 
strong skills of Scheme, Re 
lational Database design, UML 
OOAD, VB.Net, Crystai Re 
ports, Erwin, Firewall Configura 
tion, Active Directory, Routers 
and Switches. BA Computer 
Science with 2+yrs exp. req 
Sent resumes to NAWAB 
CORP., 5 Farmers Lane, Head 
of Harbor NY 11780 


Computer Network 
Software Adminis- 
trator. Send resu- 
me to: Mary Kay 
Berg, Point.360, 
2777 North Ontario 
Street, Burbank, 
CA 91504. 


IT Careers editorials cover 


relevant topics in the 


following industries: 


Healthcare 
Security & Defense 
Finance 
Biotech/Pharmaceutical 
Insurance 
Diversity 
Consulting 
Telecom/Wireless 
Manufacturing 
And many more.... 


Our readers include the qualified 
IT professionals that your 
company is looking for. 


For more information, 


contact us at: 
800-762-2977 
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Thomson inc. is seeking a 
Cryptography Research Eng.., Sr. 
Member Tech. Siaif, at its Burbank. 
CA location to conduct research 
and devel. of fundamental mathemet- 
Ics and mathematical techniques (inc. 
Algebraic Cryptography and Applied 
Cryptography) to identify condi 
tional access and copy protec 
tion technologies suitable for use 
in a wide array of new digital 
products. Must have Master's 
degree or higher in Mathematics 
or Comp. Sci. (educ. must have 
included coursework in Applied 
Cryptography and Algebraic 
Cryptography) plus 1 
the reiated occupation of 
Cryptography Research. Salary 
and benefits commensurate with 


yr. of exp. in 


exp. Send resumes to: Thomson 
Inc. Attn: HR - Job # 9012, 10330 
North Meridian St., Indianapolis. 
IN 46290-1976. 


EDS is looking for an Informa- 
tion Analyst for its Chesapeake 
Virginia location to analyze plan 
documents, user requirements. 
procedures and problems to 
automate and improve existing 
systems. Requires Bachelors 
degree in English and one (1) 
year of experience in writing and 
translating technical specifica- 
tions; building table utilities 
using Access and VB. To apply. 
submit resume to Richard 
Paimer, Implementation Team 
Leader, EDS, 1434 Crossways 
Boulevard, Chesapeake, Virgin- 
ia 23320 in reference to 1111-J 


Software Engineer, Applications 

York, ME: Informatic Technolo- 
gies Inc. needs exp. profession- 
als, to develop, create & modify 
specialized applications using 
DB2, Oracle, Serviets, Java 
Weblogic, Rational Rose, Visual 
SourceSafe, JBuiider, Crystal 
Reports. Coordinate user needs 
and customize changes to 
enhance operational efficiency. 
Competitive salary with bene 
fits. Send resume to - Informatic 
Technologies inc Meadow 
Brook Plaza, 647 US Rt 1, Suite 
212, PO Box 2000, York, ME 
03909, Attn.: HR Department 


IT Manager (NY) IT firm to 
plan, direct, or coordinate 
activities in fields as elec- 
tronic data processing 
information systems, sys- 
tems analysis, and comput- 
er programming. Consult 
with users, management 
vendors & technicians to 
assess computing needs & 
system requirements. Ap- 
ply w/ 2 copies of resume 
HRD Amitronix, Inc., 246 
5th Avenue, Ste # 602 
New York, NY 10001 


NY IT Firm seeks F/T Progmr 
Analyst w/B.S. in Comp Sci 

Electronics & 2 yrs. exp., to 
plan & dvilop comp. pro- 
grams; Analyze user needs & 
system req.; Transiate& code 
s/w programs & applic’s using 
JDBC, SQL, JAVA & J2EE 
techns. Proficient in Java de- 
sign patterns & impimns, data 
comm. & applic'n security 
concepts & security archtectl 
skills.9-5p/40hr/Wk; Comp 
Sal; Reply w/2 copies to 
Global Source Group, Inc 
825 Walt Whitman Rd 
Melville, NY 11747 
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Product Manager 
Networks and IP Systems 


ADI, a Honeywell subsidiary is seeking a manager responsible for identi 
fying new/enhanced products, determining their value to the organization 
participating in the marketing of products and prov product lines tc 
the sales force within area of speciaity 


Primary duties and responsibilities include 

+ Identify new and enhanced network and IP products with 
commercial systems that integrate two or more separate p 
egories, such as CCTV, access contr and intrusi 

+ Attend trade shows, stay with ind 
products, seek new markets ar 
tives 

* Monitor product offerings by reviewing current s 
and IP product lines. ensuring acceptz 
which are also consistent with market demands and 

+ Participate in creating marketing plans, developing sh 
marketing strategies, providing input to catalog 
tiatives and supporting 

- Ensure product suppo 


dors and also maximiz 


Must be able to travel 
speak, stand, sit and reach. Bachelor's degree ir 
ness related discipline with a minimum of five 


keting/sales preferably ndustry. Strong 


edge and experience wv ret Ss and IT systerr 
ten, organization, time agement, team, and pr 


required 


Please apply or 
Enter req. # 00039 


Research Assoc Pittsburgh IT consulting firm with HQ 
PA). Develop, assess privacy Oak Brook, IL has multiple open 
anonymity software systems ings for IT professionals to se 
and in algorithms that !earn from 
disparate data sources (k-an 
onymity, assoc. rule related pro. 
blems); Design, develop algo- 
rithms in implementation of sys: te 
tems and performing statistical Specific skill sets needed in 
and formal analysis of data and clude 
systems; Analyze data collected 
via statistical software packag- + Net developers JO 
es, Prepare results. M.S. Data + J2EE developers JO- 
Mining, Statistics, or Computer 
Sc. wistrong educ. foundation in 
data privacy / anonymity, data 
mining, machine learning, data - - 
means probability, statistics Oracle Developers/DBA 
Extensive educ. Know. of C JO-040 
C++, Java, Matlab, database Siebel Developers J¢ 
hardware design, software im 
plementation. Travel req'd. 40hr. 
wk. Must have perm. work auth 07 
to work in U.S. Send resume to RP Consul 
Mr. Schearer, Carnegie Mellon PeoplesofSAP JO 
Univ., ISRI, Wean Hall 5319 
5000 Forbes Ave., Pgh., PA pees cate 

+ Project Manager 
15213 7 


Jocument 
focume 


multiple clients throughc 
U.S. Job duties include: Analys- 
is, design, development and 


testing of computer applications 


Data warehousing developers 
Cognos/Informatica, Abinitio. 
Business Objects) JO-03¢ 


Business Analyst J 


Pi 


ositions require eith 
Jegree in a related fie 
yrs. of exp. w/specif 


COMSYS 


With 35 branch offices located 
across the US, COMSYS is 
actively recruiting for the follow 
ing positions. 


Some entry level ¢ 
available 

ree & related 

Some senior le 

also available 
progres: 


Programmer Analyst salaries. \ 


Newark, DE - Code # NE11 locate 
Software Engineer - metro St 
Louis, MO - Code # SL12! JO# 
Systems Analyst metro Ft 

Lauderdale, FL - Code # FL110 

Statistical Database Analyst 

metro Chicago, IL Code 

NO110 

Systems Analyst - metro Ri 

mond, VA - Code # RI11 


jstein@IBS 


Roving employment to vary 
jobsites throughout the | 
Please refer to appropriate job 
code when submitting resume Associate V Presic 
to: COMSYS. Attn. Nancy 
Theriault 15455 N. Dallas 
Pkwy., Ste 300, Addison, TX 
75001. EOE./MF/DV 


HOWARD UNIVERSITY 
University Advancement 


Advancement Service 
Commensurate with 

ence. This position 
Advancement Services dep 
ment and direct support and 
coordination for all advanceme 
information systems for the 


lor gifticampaigr 


Web Configuration Manager, t and reporting 
NYC: Coordinate dev. of web lu: ide ment database 
systems in multi-platform envi the rcement emai 
ronment Maintain Version t 
Control CVS; make  duild lations and 

research. Supe 
releases using MAKE, ANT 17. Bach 
PERL. Coord Jev.of Web years e 
based functions; Dev. web advanceme 
applications for web site using preferably in higher education. A 
Java, JSP, Sordois. Dev. mar) [ruse Tack record of success 
die office manager system systems analysis and admi 
using Java, Swing. Perform QA 
Automation using Rational education 
Quick Test Professional. M.S ee 
B.S. or equivalent in C.S. req'd alana nentenst hommes 
+ 3 yrs exp wi M.S., 5 yrs w 
B.S. e-mail resume to 
careers@miletustrading.com 


o's degre 


tration at an institution of h: 


EQUAL OPPORTUNITY 
EMPLOYMENT 
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Continued from page 1 


age management tools. 

Several users who are famil- 
iar with Unicenter 1] praised 
CA’s plans to integrate its 
products and third-party tools 
through a common manage- 
ment database. They said the 
new release will also include 
an improved portal that IT 
managers can use to glimpse 
into various systems. 

“With one common man- 
agement database, that makes 
[data] transportability a lot 
cleaner,” said Harry Butler, 
support center manager at 
EFW Inc., an electronics sup 
plier in Fort Worth, Texas. 

Butler, who manages about 
3,000 PCs and 75 servers, is 
beta-testing Unicenter 1] and 
has used the management 
database to link several data- 
bases that contain informa- 
tion about tasks such as asset 
management and software dis- 
tribution. The integration has 
helped reduce the time it takes 
to complete systems manage- 
ment procedures, Butler said. 

Clark Ammons, production 


| 
and systems manager at Wash- 
1 . . . 
plication and potentially any 


ington University in St. Louis, 
said he has seen a PowerPoint 
presentation on the new Uni- 
center capabilities and thinks 


Continued from page 1 


Storage 


Corp.’s Veritas Enterprise 
Vault software to archive 
e-mail and plans to do the 
same thing for the company’s 
file systems next year. 

“Information just keeps 
growing. Our demand for stor- 
age keeps growing. I’m not 
sure if we’re ever ahead of the 
storage problem, but we're go- 
ing to do something to keep 
up,” Fucci said. 

Of roughly 250 users polled 
by conference organizers, 51% 
said they have no way of de- 
termining the cost of storing 


they sound “awesome.” Uni- 


| center 11 should provide the 
ability to view tools for man- 
| aging PCs, servers and main- 


frames, storage, networks and 
IT service levels from a single 
portal, Ammons said. 

“It puts all that information 


| right in front of one person 


instead of two or three com- 
puter operators that you have 
to staff on every shift,” he said. 


| Even so, he noted that it might 
| be hard for the university to 
| install the software because of 





| have everything integrated 


| funding issues and the com- 
| plexity of such changes. 


Steven Gelfound, IT direc- 


| tor at the National Center for 


Missing and Exploited Chil- 


| dren in Alexandria, Va., said 


he’s “ecstatic about Unicen- 


| ter 11” because the software 


should enable him to combine 


| the databases for about 20 CA 
| products into one repository. 


“We're a nonprofit without 


| ahuge IT staff,” Gelfound 


said. “And with 40 servers to 
manage, we want to have one 


| central database to have our 
| service desk tool talk to our 


asset management tool and 
With the management da- 
tabase, “virtually any CA ap- 


third-party [product] can har- 
vest management data from 
any other CA application,” 


data over time. Another 47% 
said they have a tiered stor- 
age model and some idea of 
storage costs but no way to 
automatically migrate data be- 
tween tiers. Only 7% said they 
can definitely determine the 
value of their data. 

Gary Schwimmer, a data 
center operations manager at 
Los Angeles-based Northrop 
Grumman Corp., said his 


| company has developed a data 


retention policy that involves 
tagging data using the Stan- 
dard Generalized Markup 
Language to determine what 
to move and when to move it. 
But Schwimmer said that 
migrating data from one tier 


NEWS 


| said Dennis Drogseth, an ana- 
lyst at Enterprise Management 
Associates in Boulder, Colo. 

| Onascale of 1 to 10 in impor- 
| tance, “this is a 10,” he said. 
CA World comes as the soft- 
| ware vendor is trying to round 
| acorner in its history. Since 

its last user conference in May 
2004, CA has ousted former 
CEO Sanjay Kumar and seen 
him and other former execu- 
tives charged in connection 
with an alleged accounting 


president of technology strategy 
and chief technology architect at 
Computer Associates, 

spoke to Computerworld 

last week in advance of CA 





to another is still a manual 
process that’s prompted by an 
automated e-mail notification 
system developed in-house. 


Data Deletion 
The IT managers said another 
big issue is finding ways to 
ensure that data is deleted at 
the end of its useful life. While 
some said they delete every- 
thing after a set period of time, 
others said their data often 
sits in external storage vaults, 
requiring the payment of fees 
and a migration to newer tape 
technology over time. 
Schwimmer said Northrop 
Grumman’s data deletion 





policy requires that every- 


CANADIAN POSTMASTER: 


POSTMASTER: 


fraud scheme. It also hired 
John Swainson from IBM as 
its new top executive and em- 
barked on a series of reorgani- 
zation moves. 

Swainson has said that im- 
proving CA's often testy rela- 
tionships with customers is a 
key part of his long-term plan 
for revitalizing the vendor. 

But Lee Anne Wilfert, CIO at 
Sierra Southwest Cooperative 
Services Inc. in Benson, Ariz., 
said the changes made at CA 





customers to pay and looking for 

the event to be self-funded. Anytime 

an event is self-funded, it will be 
harder to attract visitors. 
But the end result is that it's 
exceeded my expectations 
for quantity. 


What's the big theme of 
your new products? The 
two key words are compre- 
hensive and integrated. Even 
just a year ago, in security 
you had stand-alone antivi- 
tus and spyware and firewall [tools] 
and lots of little components. But 
now we want to think of them as 
integrated suites of products. 


Is that just marketing talk or 
real engineering? This has been 


| thing go after 10 years. But, he 
added, “we’re struggling like 
everyone else. The big part is 
convincing people it’s going 
to [require] an investment to 
make things change.” 

Richard Scannell, a consul- 
tant at GlassHouse Technolo- 


said IT managers can’t afford 
not to begin deleting data. Even 
if the capacity of new stor- 

age systems doubles every 18 
months, it will never be enough 
to keep up with data growth, 
he said. Statistics show that up 
to 74% of all data storage costs 
can be attributed to mainte- 
nance and administration of 
existing storage, he added. 





gies Inc. in Framingham, Mass., 





| 
| 
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thus far have reduced her con- 
tact with the company. “We’re a 
reference account for them, but 
we don’t even know our sales 
rep at this point,” Wilfert said. 
Partly as a result of that, 
Sierra Southwest is shifting 
from CA’s asset management 
software to a product from 
SAP AG, Wilfert said. But the 
SAP tool will be interfaced 
with other Unicenter compo- 
nents that the energy coopera- 
tive will continue to use. » 


CA Is Pulling Its Products Together, Barrenechea Says 


Mark Barrenechea, executive vice 


the effort of 4,000 engineers work- 
ing close to two years. This is CA's 
largest engineering project. I'm par- 


What is CA best at now, and 
where do you need to improve? 
We've done very well at becoming 
a software engineering company as 
opposed to an aggregator of tech- 
nologies. Historically, CA bought 86 
companies and we weren't known 
for great engineering, although we 
would support you. In terms of areas 
of improvement, there's a need to 
make sure that 16,000 CA employ- 
ees keep getting closer to custom- 
ers and their requirements and chal- 
lenges. | want them to earn that right 
and not just sell them software. 

- MATT HAMBLEN 


Craig Taylor, associate direc- 
tor of open systems at Chicago 
Mercantile Exchange Holdings 
Inc., said his group is working 
to determine how to classify 
data so migration policies can 
be created. Taylor’s group has 
built an elaborate storage in- 
frastructure with five tiers of 
data storage that include EMC 
Corp.’s Symmetrix arrays, sec- 
ondary disk storage systems 
from Copan Systems Inc. and 
tape libraries from Storage 
Technology Corp., which was 
recently acquired by Sun Mi- 
crosystems Inc. 

Even so, noted Taylor, “do 
we have any physical deletion 


policy? No.” » 





73% of the FORTUNE 100° and 76% 
of the European 100 compared business 
collaboration providers and came to 
a single conclusion. 


(| Obviously, great 


minds think alike. 
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evil’s Advocate 


OULD Sony BMG have botched it any more badly? It’s 

hard to see how. By now you've heard the story: Sony has 

been using a copy protection system called XCP on re- 

cent music CDs to discourage piracy. XCP, it turns out, 

installs hidden spyware on a Windows-based PC when 
an XCP-treated disc is put in the PC’s CD drive. Mark Russinovich, 
chief software architect at Winternals Software, spotted the worm 
and raised a stink. Sony claimed that the worm was innocuous but 
issued a patch anyway. Now the patch may crash PCs, the spyware re- 
portedly contacts Sony via the Internet, Italian police are investigating 
whether Sony committed a crime, and Sony’s reputation is in the toilet. 

And the worst of it? XCP doesn’t stop piracy. Not at all. 


Sony should have known that. A quick browse 
through the Web site of First 4 Internet Ltd., the 
British company that sells XCP, turns up this ca- 
veat: “If data in any format is digitally written to 
a compact disc or DVD then it can be read from 
that disc in some way. XCP is designed to give a 
level of protection that will make it suitably dif- 
ficult for the general consumer to copy and/or 
illegally distribute the content of the disc.” 

In other words, XCP isn’t designed to stop real 
music pirates from stripping out the copy protec- 
tion and stamping out thousands of pirated discs 
to sell. Or to prevent experienced file-swappers 
from ripping CD tracks and turning them into 
illegal MP3s to put on the Internet. 

No, XCP is aimed only at ordinary consumers 


— the paying customers Sony makes money from. 


Anyone else can easily work around it. Sony 
managed to employ a copy protection system 
that doesn’t stop thieves, just legitimate buyers. 
Hey, quit smirking. You’re not that much 
smarter than Sony. 
You say Sony should have done 
pilot tests with XCP before putting it 
on regular products? Sony did. Sony 
didn’t keep its use of copy protection 
a secret, either. Anyone who read the 
recording-business trade news knew 
about it. Even some daily newspa- 
pers ran stories on it last February. 
Making CD copy protection highly 
visible was central to Sony’s plan. 
No, Sony didn’t need more test- 
ing or publicity or planning. What 
Sony needed was a devil’s advocate 
— someone to point out that the 
company was spending money on 
a “solution” that couldn’t solve the 





problem, wouldn’t be worth the cost and could 
cause big problems down the line. 
Think you’re so smart? How many of your new 


| technology projects have a devil’s advocate? 


Not just a foot-dragger who dislikes the idea 
of the project, but a tough-minded critic whose 
job is to ferret out everything that’s likely to be 
wrong with it. 

A highly professional pessimist who assumes 
that the network won’t be able to handle the in- 
creased load. And that the users won’t find the 
new interface intuitive. And that the program- 
mers won't sail through that optimistic project 
schedule without so much as a glitch. 

Someone who will make sure the project is 
vetted from every angle. Who will describe it 
in unflattering detail to your lawyers. Who will 
demand those unflattering details from your ven- 
dors. Who will check out reference customers, 
tease out questionable claims and generally make 
sure all the problematic questions get asked. 

And — one thing more — someone who always 

remembers that his job isn’t politi- 
cal but technical and that it’s not to 
torpedo the project but to spot all 
the things that can go wrong so they 
won't torpedo the project. 

Would a devil’s advocate have 
saved Sony from its XCP botch job? 
Maybe not. But at least Sony would 
have known in advance a lot more 
of the ways its new copy-protection 
scheme could go horribly wrong. 

Will your next project demon- 
strate that you’re ever so much 
smarter than Sony? Maybe. 

Get yourself a devil’s advocate 
and find out.» 
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Unclear on the Concept 


User walks into pilot fish’s office and announces that 
one of the office copiers is smarter than the user is. 
“Being the positive, upbeat person that | am, | replied 
that can't be.” says fish. “He told me he knew he 
must open something to put the paper in but wasn't 
sure what. That's when | had to inform him that the 
copier was in another office. He was looking at our 
network printer. | guess he was right after all.” 


Not Now, 
Sooner! 


Pilot fish walks 
into work one 
morning to find 
his in-box overflowing 
with e-mails. “I was 
subscribed to a mail- 
ing list concerning a 
time-critical activity,” 
fish says. “Apparently, 
some problem in the 
mailing list software 
managed to not send 
me these messages 
for days.” Ten minutes 
later, fish hears from 
his boss, who's also on 
the list: “Why haven't 
you reacted to these 
messages?” Because | 
received them only now, 
just like you did, fish ex- 
plains. Boss: “Yes, but 
these messages were 
sent two and three days 
ago. You should have 
reacted sooner!” 


Tight 

This user’s monitor 
cable fell behind her 
desk, so she reattached 
it, but now the monitor 
won't work, she tells 
support pilot fish. Bad 
monitor, fish decides, 
and starts to remove 
the cable. “But ! can't, 
because the screws are 
cross-threaded,” fish 
says. “I use my muiti- 
tool to unscrew them a 
quarter turn at a time 
as the user informs me 
that putting that cable 
back on after it fell off 


SHAR 
TANK. 


was very dif- 
ficult. | finally 
see the problem: 
When the cable 
fell down behind 
her desk, she picked it 
up and reattached it up- 
side down. The force re- 
quired to insert a DB-15 
plug upside down and 
screw the thing in is 
unimaginable. I'll never 
ask her to arm wrestle, 
that’s for sure!” 


The Power of DSL 
Help desk gets a call 


power’s out. | wanna do 
that, only be oniine.” 


And how? 

I can't connect with the 
network, remote user 
tells help desk pilot fish. 
“After several minutes of 
troubleshooting, it was 
clear that the problem 
was the user’s modem, 
which basically died,” 
fish reports. Impatient 
user’s next question: 
“So where can | down- 
load another modem?” 


UPLOAD YOUR TALE TO SHARKY. Send me your 

true story of IT life at sharky@computerworld.com. 
You'll snag a snazzy Shark shirt if | use it. And check out the 
daily feed, browse the Sharkives and sign up for Shark Tank 
home delivery at computerworld.com/sharky. 
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